CVE-2023-45290 (GCVE-0-2023-45290)
Vulnerability from cvelistv5 – Published: 2024-03-05 22:22 – Updated: 2025-02-13 17:14

| Vendor | Product | Version |
|---|---|---|
| Go standard library | net/textproto | Affected: 0, < 1.21.8 (semver); Affected: 1.22.0-0, < 1.22.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:04:15.773941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T11:07:13.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/65383"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/569341"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240329-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/textproto",
"product": "net/textproto",
"programRoutines": [
{
"name": "Reader.readLineSlice"
},
{
"name": "Reader.readContinuedLineSlice"
},
{
"name": "Reader.ReadCodeLine"
},
{
"name": "Reader.ReadContinuedLine"
},
{
"name": "Reader.ReadContinuedLineBytes"
},
{
"name": "Reader.ReadDotLines"
},
{
"name": "Reader.ReadLine"
},
{
"name": "Reader.ReadLineBytes"
},
{
"name": "Reader.ReadMIMEHeader"
},
{
"name": "Reader.ReadResponse"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.21.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.22.1",
"status": "affected",
"version": "1.22.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bartek Nowotarski"
}
],
"descriptions": [
{
"lang": "en",
"value": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:09:46.260Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/65383"
},
{
"url": "https://go.dev/cl/569341"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240329-0004/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
}
],
"title": "Memory exhaustion in multipart form parsing in net/textproto and net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-45290",
"datePublished": "2024-03-05T22:22:28.703Z",
"dateReserved": "2023-10-06T17:06:26.221Z",
"dateUpdated": "2025-02-13T17:14:02.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-45290",
"date": "2026-06-02",
"epss": "0.00443",
"percentile": "0.63589"
}
}
}
RHSA-2024:1616
Vulnerability from csaf_redhat - Published: 2024-07-01 00:28 - Updated: 2026-06-03 04:27

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Run Once Duration Override Operator for Red Hat OpenShift 1.1.1 for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Run Once Duration Override Operator for Red Hat OpenShift is an optional\noperator that makes it possible to override activeDeadlineSeconds\nfield during pod admission.\n\nSecurity Fix(es):\n\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1616",
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "WRKLDS-1047",
"url": "https://issues.redhat.com/browse/WRKLDS-1047"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1616.json"
}
],
"title": "Red Hat Security Advisory: Run Once Duration Override Operator for Red Hat OpenShift 1.1.1 for RHEL 9",
"tracking": {
"current_release_date": "2026-06-03T04:27:32+00:00",
"generator": {
"date": "2026-06-03T04:27:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:1616",
"initial_release_date": "2024-07-01T00:28:51+00:00",
"revision_history": [
{
"date": "2024-07-01T00:28:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-01T00:28:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T04:27:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RODOO 1.1 for RHEL 9",
"product": {
"name": "RODOO 1.1 for RHEL 9",
"product_id": "9Base-RODOO-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1.1::el9"
}
}
}
],
"category": "product_family",
"name": "Run Once Duration Override Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-rhel9\u0026tag=v1.1-21"
}
}
},
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-operator-bundle\u0026tag=v1.1-20"
}
}
},
{
"category": "product_version",
"name": "run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"product": {
"name": "run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"product_id": "run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd?arch=amd64\u0026repository_url=registry.redhat.io/run-once-duration-override-operator/run-once-duration-override-rhel9-operator\u0026tag=v1.1-21"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64 as a component of RODOO 1.1 for RHEL 9",
"product_id": "9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"relates_to_product_reference": "9Base-RODOO-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64 as a component of RODOO 1.1 for RHEL 9",
"product_id": "9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"relates_to_product_reference": "9Base-RODOO-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64 as a component of RODOO 1.1 for RHEL 9",
"product_id": "9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
},
"product_reference": "run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64",
"relates_to_product_reference": "9Base-RODOO-1.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:28:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:28:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:28:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:28:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:28:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268046"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "RHBZ#2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://go.dev/cl/569356",
"url": "https://go.dev/cl/569356"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
"url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2611",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:28:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-operator-bundle@sha256:ec2ad9acac7336403094c3387975d653a23abf203ba0d5dae0338d62e55f407b_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9-operator@sha256:c5354ce36382085f2185bcb33ee3580aedf786bb45c05120ff3dce4cecb814dd_amd64",
"9Base-RODOO-1.1:run-once-duration-override-operator/run-once-duration-override-rhel9@sha256:d840b81c0964b08ea2e8e7765b8517c5b5f5e6fc099c1b7e8993bbb4ebbc0025_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
}
]
}
RHSA-2024:2088
Vulnerability from csaf_redhat - Published: 2024-04-29 02:26 - Updated: 2026-06-02 17:41

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64 | — | | Vendor Fix, Workaround |
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, the leak is triggered when the Vert.x HTTP client establishes connections to different hosts. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder accumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for the Red Hat build of Cryostat 2 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for the Red Hat build of Cryostat 2 on RHEL 8.\n\nSecurity Fix(es):\n\n* vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n\n* vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2088",
"url": "https://access.redhat.com/errata/RHSA-2024:2088"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2088.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
"tracking": {
"current_release_date": "2026-06-02T17:41:33+00:00",
"generator": {
"date": "2026-06-02T17:41:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:2088",
"initial_release_date": "2024-04-29T02:26:47+00:00",
"revision_history": [
{
"date": "2024-04-29T02:26:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-29T02:26:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:41:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 2 on RHEL 8",
"product": {
"name": "Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:2::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.4.0-7"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.4.0-4"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.4.0-4"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.4.0-4"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.4.0-9"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.4.0-4"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=2.4.0-7"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=2.4.0-4"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=2.4.0-4"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=2.4.0-4"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=2.4.0-9"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=2.4.0-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"relates_to_product_reference": "8Base-Cryostat-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64 as a component of Cryostat 2 on RHEL 8",
"product_id": "8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64",
"relates_to_product_reference": "8Base-Cryostat-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-29T02:26:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2088"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-29T02:26:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2088"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-1023",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-01-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2260840"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1023"
},
{
"category": "external",
"summary": "RHBZ#2260840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/issues/5078",
"url": "https://github.com/eclipse-vertx/vert.x/issues/5078"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5080",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5080"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5082",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5082"
}
],
"release_date": "2024-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-29T02:26:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2088"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx"
},
{
"cve": "CVE-2024-1300",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2024-02-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263139"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This affects only TLS servers with SNI enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1300"
},
{
"category": "external",
"summary": "RHBZ#2263139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1300"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300"
},
{
"category": "external",
"summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.",
"url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni."
}
],
"release_date": "2024-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-29T02:26:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2088"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-29T02:26:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2088"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-04-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2272907"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, allowing data to accumulate without limits. This flaw allows an attacker to cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Allocation of Resources Without Limits or Throttling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in io.netty:netty-codec-http, allowing for Allocation of Resources Without Limits or Throttling issues, is assessed as moderate severity due to its potential impact on system availability and performance. By exploiting the flaw in HttpPostRequestDecoder, an attacker can craft chunked POST requests with numerous small fields, causing excessive accumulation of data in memory buffers. This unrestricted accumulation can lead to significant memory consumption on the server, potentially exhausting available resources and resulting in denial of service (DoS) conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "RHBZ#2272907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3",
"url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c",
"url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812"
}
],
"release_date": "2024-03-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-29T02:26:47+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2088"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:c6f6accf2843a8d682184c4856ed4a33718598ac93f408a6ae176499afebb98c_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:ce37e72beb00a9eb2653cf6c248abf4d569cf3a708f83a67a0d4639f4893b31e_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:818f32bf078b473ea3d3e414134d55b196333b179db54371c7a283e20ae720be_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-operator-bundle@sha256:a737d333ff2270d1c4c5cdee31395840118f8845f1721215a0ed3339d6c0bfc7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:007cd4be45dbe9627b80ae749b78b751fe9846da0659f2a4f73e801a7207c663_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-reports-rhel8@sha256:59d2392e2a211b2abfe7d7f077037a3b7d6a5a6300c993d8dd11ab6a833cdaed_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:734054cf4f9b68b186ae2024caf7401321c14c63a70188f771617cc3ae83dc64_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ecbc8c12eb93ba51d9f20bc53f6d83b730e0fd3a48facc3331daa34bd38fefdf_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:99dab409d9e80a951f39c80f3429fa34ab1ed99f68d41f15fedf63cb33eb5c29_amd64",
"8Base-Cryostat-2:cryostat-tech-preview/cryostat-rhel8@sha256:d8b2fe76c91ac7bfc781cb4b73289dfe88f3add9a9e3d2f452c9e1034d83a2c8_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:9b0de728776daa581545cce4c7ffac8ee35374b65968125dea89f5e896a958a7_arm64",
"8Base-Cryostat-2:cryostat-tech-preview/jfr-datasource-rhel8@sha256:f28d25a215222f8d1e19b59ea479dc22b71380cd8c3ffa99ae562727fbb1b487_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Allocation of Resources Without Limits or Throttling"
}
]
}
RHSA-2024:2096
Vulnerability from csaf_redhat - Published: 2024-05-01 07:37 - Updated: 2026-06-03 04:27
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef_s390x | — |
Workaround
|
|
| Unresolved product id: 9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64 | — |
Workaround
|
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Moderate: Logging for Red Hat OpenShift - 5.9.1",
"title": "Topic"
},
{
"category": "general",
"text": "Logging for Red Hat OpenShift - 5.9.1",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2096",
"url": "https://access.redhat.com/errata/RHSA-2024:2096"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "LOG-4672",
"url": "https://issues.redhat.com/browse/LOG-4672"
},
{
"category": "external",
"summary": "LOG-5062",
"url": "https://issues.redhat.com/browse/LOG-5062"
},
{
"category": "external",
"summary": "LOG-5268",
"url": "https://issues.redhat.com/browse/LOG-5268"
},
{
"category": "external",
"summary": "LOG-5278",
"url": "https://issues.redhat.com/browse/LOG-5278"
},
{
"category": "external",
"summary": "LOG-5307",
"url": "https://issues.redhat.com/browse/LOG-5307"
},
{
"category": "external",
"summary": "LOG-5309",
"url": "https://issues.redhat.com/browse/LOG-5309"
},
{
"category": "external",
"summary": "LOG-5322",
"url": "https://issues.redhat.com/browse/LOG-5322"
},
{
"category": "external",
"summary": "LOG-5323",
"url": "https://issues.redhat.com/browse/LOG-5323"
},
{
"category": "external",
"summary": "LOG-5395",
"url": "https://issues.redhat.com/browse/LOG-5395"
},
{
"category": "external",
"summary": "LOG-5397",
"url": "https://issues.redhat.com/browse/LOG-5397"
},
{
"category": "external",
"summary": "LOG-5401",
"url": "https://issues.redhat.com/browse/LOG-5401"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2096.json"
}
],
"title": "Red Hat Security Advisory: security update Logging for Red Hat OpenShift - 5.9.1",
"tracking": {
"current_release_date": "2026-06-03T04:27:33+00:00",
"generator": {
"date": "2026-06-03T04:27:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:2096",
"initial_release_date": "2024-05-01T07:37:52+00:00",
"revision_history": [
{
"date": "2024-05-01T07:37:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-01T07:37:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T04:27:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.9 for RHEL 9",
"product": {
"name": "RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.9::el9"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae_amd64",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.1-17"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.9.1-32"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:86aed724b2670ee04591f26b4c6d93bda1794383066a05604c378a83428c103a_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:86aed724b2670ee04591f26b4c6d93bda1794383066a05604c378a83428c103a_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:86aed724b2670ee04591f26b4c6d93bda1794383066a05604c378a83428c103a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:86aed724b2670ee04591f26b4c6d93bda1794383066a05604c378a83428c103a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-223"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3_amd64",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-242"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a_amd64",
"product_id": "openshift-logging/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v2.9.6-12"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:483a6fb9b5f619a3ec9713d9a934deb7ffa402fdff1a6887741cf09207b904a2_amd64",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:483a6fb9b5f619a3ec9713d9a934deb7ffa402fdff1a6887741cf09207b904a2_amd64",
"product_id": "openshift-logging/vector-rhel9@sha256:483a6fb9b5f619a3ec9713d9a934deb7ffa402fdff1a6887741cf09207b904a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:483a6fb9b5f619a3ec9713d9a934deb7ffa402fdff1a6887741cf09207b904a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:6c1ba758c16b501eaddd9d677ac9543be13f6ed225a748f5ddd61fdceba9c406_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:6c1ba758c16b501eaddd9d677ac9543be13f6ed225a748f5ddd61fdceba9c406_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:6c1ba758c16b501eaddd9d677ac9543be13f6ed225a748f5ddd61fdceba9c406_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:6c1ba758c16b501eaddd9d677ac9543be13f6ed225a748f5ddd61fdceba9c406?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:9fb6e7902d07e07c361fe59701f47afc59738c5e79fb284b48a871396a32b611_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:9fb6e7902d07e07c361fe59701f47afc59738c5e79fb284b48a871396a32b611_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:9fb6e7902d07e07c361fe59701f47afc59738c5e79fb284b48a871396a32b611_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:9fb6e7902d07e07c361fe59701f47afc59738c5e79fb284b48a871396a32b611?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.9.1-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:485656286d971621a26ce84d3396487469d08b8a76e80cff72432c3e84f6cd1d_amd64",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:485656286d971621a26ce84d3396487469d08b8a76e80cff72432c3e84f6cd1d_amd64",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:485656286d971621a26ce84d3396487469d08b8a76e80cff72432c3e84f6cd1d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:485656286d971621a26ce84d3396487469d08b8a76e80cff72432c3e84f6cd1d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-520"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:6254f71ba78f25bd3181c64187bf45520d483f559ee0ea186e52b2a4eb3f659c_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:6254f71ba78f25bd3181c64187bf45520d483f559ee0ea186e52b2a4eb3f659c_amd64",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:6254f71ba78f25bd3181c64187bf45520d483f559ee0ea186e52b2a4eb3f659c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:6254f71ba78f25bd3181c64187bf45520d483f559ee0ea186e52b2a4eb3f659c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-222"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6_arm64",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.1-17"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-223"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba_arm64",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-242"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00_arm64",
"product_id": "openshift-logging/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v2.9.6-12"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64",
"product_id": "openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:f44755e453fd642409d36d9067ee72bca5a7e7869f7c7388eba4a212ed6a2321_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:f44755e453fd642409d36d9067ee72bca5a7e7869f7c7388eba4a212ed6a2321_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:f44755e453fd642409d36d9067ee72bca5a7e7869f7c7388eba4a212ed6a2321_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:f44755e453fd642409d36d9067ee72bca5a7e7869f7c7388eba4a212ed6a2321?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:a24707ef9b43a2f8efd48239f37b660ddd3c8f2a8d12257565263f4b981ea0fd_arm64",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:a24707ef9b43a2f8efd48239f37b660ddd3c8f2a8d12257565263f4b981ea0fd_arm64",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:a24707ef9b43a2f8efd48239f37b660ddd3c8f2a8d12257565263f4b981ea0fd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:a24707ef9b43a2f8efd48239f37b660ddd3c8f2a8d12257565263f4b981ea0fd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-520"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:fcb406ba6ca71d851f3a1a88f1d33122d05727992ed094d11b58b26a845f307e_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:fcb406ba6ca71d851f3a1a88f1d33122d05727992ed094d11b58b26a845f307e_arm64",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:fcb406ba6ca71d851f3a1a88f1d33122d05727992ed094d11b58b26a845f307e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:fcb406ba6ca71d851f3a1a88f1d33122d05727992ed094d11b58b26a845f307e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-222"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc_s390x",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.1-17"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:83cdeaba33d3714b390587b4de159d0b6c7ff93727612c005109b610d59fc224_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:83cdeaba33d3714b390587b4de159d0b6c7ff93727612c005109b610d59fc224_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:83cdeaba33d3714b390587b4de159d0b6c7ff93727612c005109b610d59fc224_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:83cdeaba33d3714b390587b4de159d0b6c7ff93727612c005109b610d59fc224?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-223"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8_s390x",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-242"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539_s390x",
"product_id": "openshift-logging/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v2.9.6-12"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef_s390x",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef_s390x",
"product_id": "openshift-logging/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:8d04b5477d501a8c24889c4a8de6aac1a469866d60df30804907aa3da7d639f6_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:8d04b5477d501a8c24889c4a8de6aac1a469866d60df30804907aa3da7d639f6_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:8d04b5477d501a8c24889c4a8de6aac1a469866d60df30804907aa3da7d639f6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:8d04b5477d501a8c24889c4a8de6aac1a469866d60df30804907aa3da7d639f6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:c7cadd268b410021f4d3a3a5e908acff2284f4e0849930343f80d6aab4853ee6_s390x",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:c7cadd268b410021f4d3a3a5e908acff2284f4e0849930343f80d6aab4853ee6_s390x",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:c7cadd268b410021f4d3a3a5e908acff2284f4e0849930343f80d6aab4853ee6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:c7cadd268b410021f4d3a3a5e908acff2284f4e0849930343f80d6aab4853ee6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-520"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:7a3e62b7f685a8f052ba0856d2148f27586fe2bf24d99321aa44dd03d18cf544_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:7a3e62b7f685a8f052ba0856d2148f27586fe2bf24d99321aa44dd03d18cf544_s390x",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:7a3e62b7f685a8f052ba0856d2148f27586fe2bf24d99321aa44dd03d18cf544_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:7a3e62b7f685a8f052ba0856d2148f27586fe2bf24d99321aa44dd03d18cf544?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-222"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.1-17"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-223"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-242"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39_ppc64le",
"product_id": "openshift-logging/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v2.9.6-12"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:0f53258d5af09af01a27e3cc7746e3f303e0973e0428cffee2b67248d9ca2c1b_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:0f53258d5af09af01a27e3cc7746e3f303e0973e0428cffee2b67248d9ca2c1b_ppc64le",
"product_id": "openshift-logging/vector-rhel9@sha256:0f53258d5af09af01a27e3cc7746e3f303e0973e0428cffee2b67248d9ca2c1b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:0f53258d5af09af01a27e3cc7746e3f303e0973e0428cffee2b67248d9ca2c1b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:6b23a56140adbe97601e778c3e79c2fe6f0efd748847ed2c760f1707fead8f9a_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:6b23a56140adbe97601e778c3e79c2fe6f0efd748847ed2c760f1707fead8f9a_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:6b23a56140adbe97601e778c3e79c2fe6f0efd748847ed2c760f1707fead8f9a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:6b23a56140adbe97601e778c3e79c2fe6f0efd748847ed2c760f1707fead8f9a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.1-2"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:10e2bf5e57e27a3d282fe42569c7942a5379b2d858068e1f7defce963b66ae11_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:10e2bf5e57e27a3d282fe42569c7942a5379b2d858068e1f7defce963b66ae11_ppc64le",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:10e2bf5e57e27a3d282fe42569c7942a5379b2d858068e1f7defce963b66ae11_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:10e2bf5e57e27a3d282fe42569c7942a5379b2d858068e1f7defce963b66ae11?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.1-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-520"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:575991ff668c00f871273b761497bfce388892b9152d7c49e62efee1d199680f_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:575991ff668c00f871273b761497bfce388892b9152d7c49e62efee1d199680f_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:575991ff668c00f871273b761497bfce388892b9152d7c49e62efee1d199680f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:575991ff668c00f871273b761497bfce388892b9152d7c49e62efee1d199680f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-222"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:83cdeaba33d3714b390587b4de159d0b6c7ff93727612c005109b610d59fc224_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:83cdeaba33d3714b390587b4de159d0b6c7ff93727612c005109b610d59fc224_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:83cdeaba33d3714b390587b4de159d0b6c7ff93727612c005109b610d59fc224_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:86aed724b2670ee04591f26b4c6d93bda1794383066a05604c378a83428c103a_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:86aed724b2670ee04591f26b4c6d93bda1794383066a05604c378a83428c103a_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:86aed724b2670ee04591f26b4c6d93bda1794383066a05604c378a83428c103a_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:6b23a56140adbe97601e778c3e79c2fe6f0efd748847ed2c760f1707fead8f9a_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:6b23a56140adbe97601e778c3e79c2fe6f0efd748847ed2c760f1707fead8f9a_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:6b23a56140adbe97601e778c3e79c2fe6f0efd748847ed2c760f1707fead8f9a_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:6c1ba758c16b501eaddd9d677ac9543be13f6ed225a748f5ddd61fdceba9c406_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:6c1ba758c16b501eaddd9d677ac9543be13f6ed225a748f5ddd61fdceba9c406_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:6c1ba758c16b501eaddd9d677ac9543be13f6ed225a748f5ddd61fdceba9c406_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:8d04b5477d501a8c24889c4a8de6aac1a469866d60df30804907aa3da7d639f6_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:8d04b5477d501a8c24889c4a8de6aac1a469866d60df30804907aa3da7d639f6_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:8d04b5477d501a8c24889c4a8de6aac1a469866d60df30804907aa3da7d639f6_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:f44755e453fd642409d36d9067ee72bca5a7e7869f7c7388eba4a212ed6a2321_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f44755e453fd642409d36d9067ee72bca5a7e7869f7c7388eba4a212ed6a2321_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:f44755e453fd642409d36d9067ee72bca5a7e7869f7c7388eba4a212ed6a2321_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:9fb6e7902d07e07c361fe59701f47afc59738c5e79fb284b48a871396a32b611_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:9fb6e7902d07e07c361fe59701f47afc59738c5e79fb284b48a871396a32b611_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:9fb6e7902d07e07c361fe59701f47afc59738c5e79fb284b48a871396a32b611_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:10e2bf5e57e27a3d282fe42569c7942a5379b2d858068e1f7defce963b66ae11_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:10e2bf5e57e27a3d282fe42569c7942a5379b2d858068e1f7defce963b66ae11_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:10e2bf5e57e27a3d282fe42569c7942a5379b2d858068e1f7defce963b66ae11_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:485656286d971621a26ce84d3396487469d08b8a76e80cff72432c3e84f6cd1d_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:485656286d971621a26ce84d3396487469d08b8a76e80cff72432c3e84f6cd1d_amd64"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:485656286d971621a26ce84d3396487469d08b8a76e80cff72432c3e84f6cd1d_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:a24707ef9b43a2f8efd48239f37b660ddd3c8f2a8d12257565263f4b981ea0fd_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a24707ef9b43a2f8efd48239f37b660ddd3c8f2a8d12257565263f4b981ea0fd_arm64"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:a24707ef9b43a2f8efd48239f37b660ddd3c8f2a8d12257565263f4b981ea0fd_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:c7cadd268b410021f4d3a3a5e908acff2284f4e0849930343f80d6aab4853ee6_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:c7cadd268b410021f4d3a3a5e908acff2284f4e0849930343f80d6aab4853ee6_s390x"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:c7cadd268b410021f4d3a3a5e908acff2284f4e0849930343f80d6aab4853ee6_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:575991ff668c00f871273b761497bfce388892b9152d7c49e62efee1d199680f_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:575991ff668c00f871273b761497bfce388892b9152d7c49e62efee1d199680f_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:575991ff668c00f871273b761497bfce388892b9152d7c49e62efee1d199680f_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:6254f71ba78f25bd3181c64187bf45520d483f559ee0ea186e52b2a4eb3f659c_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:6254f71ba78f25bd3181c64187bf45520d483f559ee0ea186e52b2a4eb3f659c_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:6254f71ba78f25bd3181c64187bf45520d483f559ee0ea186e52b2a4eb3f659c_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:7a3e62b7f685a8f052ba0856d2148f27586fe2bf24d99321aa44dd03d18cf544_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:7a3e62b7f685a8f052ba0856d2148f27586fe2bf24d99321aa44dd03d18cf544_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:7a3e62b7f685a8f052ba0856d2148f27586fe2bf24d99321aa44dd03d18cf544_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:fcb406ba6ca71d851f3a1a88f1d33122d05727992ed094d11b58b26a845f307e_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:fcb406ba6ca71d851f3a1a88f1d33122d05727992ed094d11b58b26a845f307e_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:fcb406ba6ca71d851f3a1a88f1d33122d05727992ed094d11b58b26a845f307e_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:0f53258d5af09af01a27e3cc7746e3f303e0973e0428cffee2b67248d9ca2c1b_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:0f53258d5af09af01a27e3cc7746e3f303e0973e0428cffee2b67248d9ca2c1b_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:0f53258d5af09af01a27e3cc7746e3f303e0973e0428cffee2b67248d9ca2c1b_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:483a6fb9b5f619a3ec9713d9a934deb7ffa402fdff1a6887741cf09207b904a2_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:483a6fb9b5f619a3ec9713d9a934deb7ffa402fdff1a6887741cf09207b904a2_amd64"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:483a6fb9b5f619a3ec9713d9a934deb7ffa402fdff1a6887741cf09207b904a2_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef_s390x"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc_s390x",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c_ppc64le",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:83cdeaba33d3714b390587b4de159d0b6c7ff93727612c005109b610d59fc224_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:86aed724b2670ee04591f26b4c6d93bda1794383066a05604c378a83428c103a_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:6b23a56140adbe97601e778c3e79c2fe6f0efd748847ed2c760f1707fead8f9a_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:6c1ba758c16b501eaddd9d677ac9543be13f6ed225a748f5ddd61fdceba9c406_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:8d04b5477d501a8c24889c4a8de6aac1a469866d60df30804907aa3da7d639f6_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f44755e453fd642409d36d9067ee72bca5a7e7869f7c7388eba4a212ed6a2321_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:9fb6e7902d07e07c361fe59701f47afc59738c5e79fb284b48a871396a32b611_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:10e2bf5e57e27a3d282fe42569c7942a5379b2d858068e1f7defce963b66ae11_ppc64le",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:485656286d971621a26ce84d3396487469d08b8a76e80cff72432c3e84f6cd1d_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a24707ef9b43a2f8efd48239f37b660ddd3c8f2a8d12257565263f4b981ea0fd_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:c7cadd268b410021f4d3a3a5e908acff2284f4e0849930343f80d6aab4853ee6_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:575991ff668c00f871273b761497bfce388892b9152d7c49e62efee1d199680f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:6254f71ba78f25bd3181c64187bf45520d483f559ee0ea186e52b2a4eb3f659c_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:7a3e62b7f685a8f052ba0856d2148f27586fe2bf24d99321aa44dd03d18cf544_s390x",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:fcb406ba6ca71d851f3a1a88f1d33122d05727992ed094d11b58b26a845f307e_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:0f53258d5af09af01a27e3cc7746e3f303e0973e0428cffee2b67248d9ca2c1b_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:483a6fb9b5f619a3ec9713d9a934deb7ffa402fdff1a6887741cf09207b904a2_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:de897486308dc6b5a60d0590781ed4ebba827d06795e918ed69fdb90093905ef_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
],
"known_not_affected": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:b9b0d5bfcb535abd58c2f69228b1b11680c4deffcc28939562e04be64f3f1819_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:7438e5913d29f4145f8066e6f16d956ee7d359152f1d4320e693e3956f18cca9_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:8d22a9a8f5172acbae285d9013b46b37469670922d10e23760bb42e88f2385cc_s390x",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:96355f3583c1facc7ce1d35271b45b938e32085d4f384dd31d77515b12ca2ea6_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:f02a5d8d04b538e97b8548d46b4e30f95f0b61c4fde2a7e84f788e96375abcae_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:149245f6e7ef126c9866a20087253b05b224055a3f10ae80d1c838d7df9b36c3_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:68e570ab61142e480d3d9634b37322712428b12114ab78a8c45bb043190c51b8_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:94a211e797db00bd9eda0b973248b1851c51b50431321860e1d7af1a587cd3ba_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:a577a6eb01de0d8efb8f00b7906a800aa9cde2163097d5759745a86167e2c97c_ppc64le",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:4ed8f5f1c6c32e57fada2d64b878c2ac332737bf9838adcc23924d69c4d79d6a_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:9db3cb52aa3fa1517294af1a2d62568a0f547ab6e60e3ffc183ea1aaa6aaed00_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:c0ae53bf06eb2215b15b7c7f6226c51595fd4496fa9bcdac4a68ef8bbf8e3539_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:d168c33f796efc1ab9f8c9090a518276ad5b8681325d7a93268d8361424f9b39_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:083cd67a0f990e18bb27a19445a717ce59c1bde4b24cd3a255252356a33799f6_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:6742236fe7345b20e2a268dd50ee59b71440007dcfa1d3eeda9cd736f5c4d18c_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa117df007f5f3d75d8c8a314a82f8607a035152ca83eb0ce167d0e8f1331c45_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-01T07:37:52+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2096"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
],
"known_not_affected": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-01T07:37:52+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2096"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
],
"known_not_affected": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-01T07:37:52+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2096"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
],
"known_not_affected": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-01T07:37:52+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2096"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition ('Infinite Loop')"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268046"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64"
],
"known_not_affected": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "RHBZ#2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://go.dev/cl/569356",
"url": "https://go.dev/cl/569356"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
"url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2611",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-01T07:37:52+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0100480ed62c245d41e8ed773e9d86e455571f43356fdbd393d07ceeae116a01_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:0612bac24616378ce5f0ac072811afe4f0b90f42967c8c71f6140a26b8c87d84_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:07cefaf47dec6bf96ef61e73adb20d0fb00a9c0ad02bcc1639ed135967f7a9ed_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f1f35408f3680234c1baa7fd9c84b52462ee7f4c52c75034bef8c6a2cad55372_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2096"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
},
{
"cve": "CVE-2024-28180",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2024-03-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268854"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose-go: improper handling of highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64"
],
"known_not_affected": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "RHBZ#2268854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28180"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g"
}
],
"release_date": "2024-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-01T07:37:52+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:13146ff17125b520effacedeba5dfc421abdca77e630fb97d6f2a617ffc29eec_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:2117cf12bf0e561098ff67be5107722aee0a0882246ffbdc51a05170a3ef8aea_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:25c50de74701e7eb3223e413826183deb019708a964e41ef2312aa4a0cc4b183_amd64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:86a64598d537394af528bc9aa331a236fd529d0447031e6c915a5f1c8a4a6af5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2096"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jose-go: improper handling of highly compressed data"
}
]
}
RHSA-2024:2562
Vulnerability from csaf_redhat - Published: 2024-04-30 13:33 - Updated: 2026-06-02 17:42
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64 | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch | — | | Vendor Fix; Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for golang is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2562",
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2262921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2562.json"
}
],
"title": "Red Hat Security Advisory: golang security update",
"tracking": {
"current_release_date": "2026-06-02T17:42:03+00:00",
"generator": {
"date": "2026-06-02T17:42:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:2562",
"initial_release_date": "2024-04-30T13:33:46+00:00",
"revision_history": [
{
"date": "2024-04-30T13:33:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-04-30T13:33:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:42:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-2.el9_4.aarch64",
"product": {
"name": "go-toolset-0:1.21.9-2.el9_4.aarch64",
"product_id": "go-toolset-0:1.21.9-2.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-2.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-2.el9_4.aarch64",
"product": {
"name": "golang-0:1.21.9-2.el9_4.aarch64",
"product_id": "golang-0:1.21.9-2.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-2.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.21.9-2.el9_4.aarch64",
"product": {
"name": "golang-bin-0:1.21.9-2.el9_4.aarch64",
"product_id": "golang-bin-0:1.21.9-2.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.21.9-2.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-2.el9_4.ppc64le",
"product": {
"name": "go-toolset-0:1.21.9-2.el9_4.ppc64le",
"product_id": "go-toolset-0:1.21.9-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-2.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-2.el9_4.ppc64le",
"product": {
"name": "golang-0:1.21.9-2.el9_4.ppc64le",
"product_id": "golang-0:1.21.9-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-2.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.21.9-2.el9_4.ppc64le",
"product": {
"name": "golang-bin-0:1.21.9-2.el9_4.ppc64le",
"product_id": "golang-bin-0:1.21.9-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.21.9-2.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-2.el9_4.x86_64",
"product": {
"name": "go-toolset-0:1.21.9-2.el9_4.x86_64",
"product_id": "go-toolset-0:1.21.9-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-2.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-2.el9_4.x86_64",
"product": {
"name": "golang-0:1.21.9-2.el9_4.x86_64",
"product_id": "golang-0:1.21.9-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-2.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.21.9-2.el9_4.x86_64",
"product": {
"name": "golang-bin-0:1.21.9-2.el9_4.x86_64",
"product_id": "golang-bin-0:1.21.9-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.21.9-2.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-2.el9_4.s390x",
"product": {
"name": "go-toolset-0:1.21.9-2.el9_4.s390x",
"product_id": "go-toolset-0:1.21.9-2.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-2.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-2.el9_4.s390x",
"product": {
"name": "golang-0:1.21.9-2.el9_4.s390x",
"product_id": "golang-0:1.21.9-2.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-2.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.21.9-2.el9_4.s390x",
"product": {
"name": "golang-bin-0:1.21.9-2.el9_4.s390x",
"product_id": "golang-bin-0:1.21.9-2.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.21.9-2.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-0:1.21.9-2.el9_4.src",
"product": {
"name": "golang-0:1.21.9-2.el9_4.src",
"product_id": "golang-0:1.21.9-2.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-2.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.21.9-2.el9_4.noarch",
"product": {
"name": "golang-docs-0:1.21.9-2.el9_4.noarch",
"product_id": "golang-docs-0:1.21.9-2.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.21.9-2.el9_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.21.9-2.el9_4.noarch",
"product": {
"name": "golang-misc-0:1.21.9-2.el9_4.noarch",
"product_id": "golang-misc-0:1.21.9-2.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.21.9-2.el9_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.21.9-2.el9_4.noarch",
"product": {
"name": "golang-src-0:1.21.9-2.el9_4.noarch",
"product_id": "golang-src-0:1.21.9-2.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.21.9-2.el9_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.21.9-2.el9_4.noarch",
"product": {
"name": "golang-tests-0:1.21.9-2.el9_4.noarch",
"product_id": "golang-tests-0:1.21.9-2.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.21.9-2.el9_4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-2.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64"
},
"product_reference": "go-toolset-0:1.21.9-2.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le"
},
"product_reference": "go-toolset-0:1.21.9-2.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-2.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x"
},
"product_reference": "go-toolset-0:1.21.9-2.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64"
},
"product_reference": "go-toolset-0:1.21.9-2.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-2.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64"
},
"product_reference": "golang-0:1.21.9-2.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le"
},
"product_reference": "golang-0:1.21.9-2.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-2.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x"
},
"product_reference": "golang-0:1.21.9-2.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-2.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src"
},
"product_reference": "golang-0:1.21.9-2.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64"
},
"product_reference": "golang-0:1.21.9-2.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.21.9-2.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64"
},
"product_reference": "golang-bin-0:1.21.9-2.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.21.9-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le"
},
"product_reference": "golang-bin-0:1.21.9-2.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.21.9-2.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x"
},
"product_reference": "golang-bin-0:1.21.9-2.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.21.9-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64"
},
"product_reference": "golang-bin-0:1.21.9-2.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.21.9-2.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch"
},
"product_reference": "golang-docs-0:1.21.9-2.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.21.9-2.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch"
},
"product_reference": "golang-misc-0:1.21.9-2.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.21.9-2.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch"
},
"product_reference": "golang-src-0:1.21.9-2.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.21.9-2.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
},
"product_reference": "golang-tests-0:1.21.9-2.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. 
However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T13:33:46+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T13:33:46+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T13:33:46+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"acknowledgments": [
{
"names": [
"@r3kumar",
"@qmuntal"
]
}
],
"cve": "CVE-2024-1394",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262921"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize the Golang package as a build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1394"
},
{
"category": "external",
"summary": "RHBZ#2262921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1394",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1394"
},
{
"category": "external",
"summary": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136",
"url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136"
},
{
"category": "external",
"summary": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6",
"url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6"
},
{
"category": "external",
"summary": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f",
"url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2660",
"url": "https://pkg.go.dev/vuln/GO-2024-2660"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2660.json",
"url": "https://vuln.go.dev/ID/GO-2024-2660.json"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T13:33:46+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T13:33:46+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T13:33:46+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-30T13:33:46+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2562"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:go-toolset-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:golang-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:golang-bin-0:1.21.9-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:golang-docs-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-misc-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-src-0:1.21.9-2.el9_4.noarch",
"AppStream-9.4.0.Z.MAIN.EUS:golang-tests-0:1.21.9-2.el9_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
}
]
}
RHSA-2024:2724
Vulnerability from csaf_redhat - Published: 2024-05-07 10:45 - Updated: 2026-06-02 17:42
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64 | — | | Vendor Fix / fix / Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2724",
"url": "https://access.redhat.com/errata/RHSA-2024:2724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2724.json"
}
],
"title": "Red Hat Security Advisory: git-lfs security update",
"tracking": {
"current_release_date": "2026-06-02T17:42:06+00:00",
"generator": {
"date": "2026-06-02T17:42:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:2724",
"initial_release_date": "2024-05-07T10:45:42+00:00",
"revision_history": [
{
"date": "2024-05-07T10:45:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-07T10:45:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:42:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el9_4.src",
"product": {
"name": "git-lfs-0:3.4.1-2.el9_4.src",
"product_id": "git-lfs-0:3.4.1-2.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el9_4.aarch64",
"product": {
"name": "git-lfs-0:3.4.1-2.el9_4.aarch64",
"product_id": "git-lfs-0:3.4.1-2.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"product": {
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"product_id": "git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.4.1-2.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"product": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"product_id": "git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.4.1-2.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el9_4.ppc64le",
"product": {
"name": "git-lfs-0:3.4.1-2.el9_4.ppc64le",
"product_id": "git-lfs-0:3.4.1-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"product": {
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"product_id": "git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.4.1-2.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"product": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"product_id": "git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.4.1-2.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el9_4.x86_64",
"product": {
"name": "git-lfs-0:3.4.1-2.el9_4.x86_64",
"product_id": "git-lfs-0:3.4.1-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64",
"product": {
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64",
"product_id": "git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.4.1-2.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"product": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"product_id": "git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.4.1-2.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el9_4.s390x",
"product": {
"name": "git-lfs-0:3.4.1-2.el9_4.s390x",
"product_id": "git-lfs-0:3.4.1-2.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"product": {
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"product_id": "git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.4.1-2.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"product": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"product_id": "git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.4.1-2.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64"
},
"product_reference": "git-lfs-0:3.4.1-2.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le"
},
"product_reference": "git-lfs-0:3.4.1-2.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x"
},
"product_reference": "git-lfs-0:3.4.1-2.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src"
},
"product_reference": "git-lfs-0:3.4.1-2.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64"
},
"product_reference": "git-lfs-0:3.4.1-2.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64"
},
"product_reference": "git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le"
},
"product_reference": "git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x"
},
"product_reference": "git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64"
},
"product_reference": "git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64"
},
"product_reference": "git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le"
},
"product_reference": "git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x"
},
"product_reference": "git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
},
"product_reference": "git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-07T10:45:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2724"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-07T10:45:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2724"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-07T10:45:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2724"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-07T10:45:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2724"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
}
]
}
RHSA-2024:2901
Vulnerability from csaf_redhat - Published: 2024-05-23 14:09 - Updated: 2026-06-03 04:27
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64 | — | | Vendor Fix, Workaround |
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64 | — | | Vendor Fix, Workaround |
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64 | — | | Vendor Fix, Workaround |
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64 | — | | Vendor Fix, Workaround |
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64 | — | | Vendor Fix, Workaround |
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64 | — | | Vendor Fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Custom Metrics Autoscaler Operator for Red Hat OpenShift including security\nupdates.\n\nThe following updates for the Custom Metric Autoscaler operator for Red Hat\nOpenShift are now available:\n\n* custom-metrics-autoscaler-adapter-container\n* custom-metrics-autoscaler-admission-webhooks-container\n* custom-metrics-autoscaler-container\n* custom-metrics-autoscaler-operator-bundle-container\n* custom-metrics-autoscaler-operator-container\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional\noperator, based on the Kubernetes Event Driven Autoscaler (KEDA), which allows\nworkloads to be scaled using additional metrics sources other than pod metrics.\nThis release builds upon updated compiler, runtime library, and base images for\nthe purpose of resolving any potential security issues present in previous\ntoolset versions.\n\nThis version makes use of newer tools and libraries to address the following\nissues:\ngolang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\ngolang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\ngolang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\ngolang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\ngolang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\ngolang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\nThis release is based upon KEDA 2.12.1",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2901",
"url": "https://access.redhat.com/errata/RHSA-2024:2901"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2901.json"
}
],
"title": "Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.12.1-394 Security Update",
"tracking": {
"current_release_date": "2026-06-03T04:27:36+00:00",
"generator": {
"date": "2026-06-03T04:27:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:2901",
"initial_release_date": "2024-05-23T14:09:31+00:00",
"revision_history": [
{
"date": "2024-05-23T14:09:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-23T14:09:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T04:27:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Custom Metrics Autoscaler 2",
"product": {
"name": "OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Custom Metrics Autoscaler"
},
{
"branches": [
{
"category": "product_version",
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"product": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"product_id": "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8\u0026tag=2.12.1-394"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"product": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"product_id": "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8\u0026tag=2.12.1-394"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64",
"product": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64",
"product_id": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8\u0026tag=2.12.1-394"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"product": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"product_id": "custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle\u0026tag=2.12.1-394"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"product": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"product_id": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator\u0026tag=2.12.1-394"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64"
},
"product_reference": "custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64"
},
"product_reference": "custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64"
},
"product_reference": "custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64"
},
"product_reference": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
},
"product_reference": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T14:09:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2901"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T14:09:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2901"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T14:09:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2901"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T14:09:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2901"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T14:09:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2901"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268046"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "RHBZ#2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://go.dev/cl/569356",
"url": "https://go.dev/cl/569356"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
"url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2611",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T14:09:31+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2901"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel8@sha256:1b0955076b99b7b240ef4baf55c079a8bba0d779fff6828e9acae70f4c71ad2b_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-admission-webhooks-rhel8@sha256:cd17032a683ebcdee0a8566e9427cc4e20eaa7413489dc2f9739bb1338c4c4a1_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-operator-bundle@sha256:b37be6f77b561de87de3a1678ac59edf6fc56fac6eabb86d767013ba5beca423_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8-operator@sha256:de412b59e51684011b87900b31c46b04ef7b3f82b17ec65c9606b5d493aa8a69_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8@sha256:0a3f76360bc53346024baad729ee588e5bf8f616bfcdc31ebbe7772060ecd380_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
}
]
}
RHSA-2024:2941
Vulnerability from csaf_redhat - Published: 2024-05-21 09:58 - Updated: 2026-06-02 17:42
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm causes Certificate.Verify to panic. This issue affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.4.2 provides the following bug fixes:\n\n* Before this update, Collector pods on nodes with 128 or more cores would fail with a `CrashLoopBackOff` status due to issues with how the CO-RE BPF allocated kernel memory. The patch release fixes this issue.\n* This release updates the Scanner baseline vulnerability data to address changes made to the Red Hat security data feeds that were not compatible with earlier data from Scanner\u2019s scheduled feed processing. This fixes various issues where vulnerabilities were detected for images containing packages that were incorrectly indicated as affected by a vulnerability.\n* This release fixes a crash and rendering error in the network graph that occurs when Central is running an RHACS release of 4.3.6 or earlier and Sensor is running an RHACS release of 4.4.0 or later.\n* Previously, RHACS did not update the alerts when violations changed. This release fixes the issue, and RHACS correctly updates the alerts when violations change.\n\nThis release provides the following changes:\n\n* The default telemetry endpoint is now set to a Red Hat proxy.\n* This release includes a new environment variable, ROX_API_TOKEN_FILE, that you can use to pass your API\u2019s token file path to the `roxctl` CLI.\n\nThis releases updates the following items to patch vulnerabilities:\n\n* (CVE-2023-45288) Go has been updated to release 1.21.9.\n* (CVE-2023-45288) The `golang.org/x/net` module has been updated from release v0.22.0 to v0.23.0.\n* (CVE-2024-29180) webpack-dev-middleware module has been updated form version 5.3.3 to 5.3.4.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:2941",
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html",
"url": "https://docs.openshift.com/acs/4.4/release_notes/44-release-notes.html"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2941.json"
}
],
"title": "Red Hat Security Advisory: RHACS 4.4 enhancement and security update",
"tracking": {
"current_release_date": "2026-06-02T17:42:16+00:00",
"generator": {
"date": "2026-06-02T17:42:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:2941",
"initial_release_date": "2024-05-21T09:58:45+00:00",
"revision_history": [
{
"date": "2024-05-21T09:58:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-21T09:58:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:42:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.4 for RHEL 8",
"product": {
"name": "RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.2-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.2-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.4.2-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.4.2-6"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.4.2-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64 as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x as a component of RHACS 4.4 for RHEL 8",
"product_id": "8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x",
"relates_to_product_reference": "8Base-RHACS-4.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:0e0fc51bc1bb082a01224bf0778ef0c8eef7e3ed27334c37a28a59b914cef697_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9e44f0ce6686996e385bc2ef062e57016f1b124dc7a8e63e2100ac28bdbf7d9c_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-central-db-rhel8@sha256:bbcf4bfd15c860a8e9345189063c129ba4d70d0e340e4a4f82a4ff5f993df368_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2008a094efbc5b5ad83cfc91bc22e58ede1a0cc575b542bb33fc76458b48c95b_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:2e0ff5e4ff6c47a9ff6b6e7f26c033341d2362a7b5798b3bae8f96521cdad286_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-rhel8@sha256:cc19c76bb9123c31e3f719a843c6a9074ba0603e67fe83349e35283bcd597c6f_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:02f81a9d3ee238a4741ea7d0000c5c87620491ed6f9e218fc101d08cc74d26c2_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:7d704bfa49659fcef56de71e15aff4542e5ac5e4644f905a25f9e25a6d535382_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:eefa59e9d0e012a94623efb71c34a267bf2bc9b10070eb394e51797affe5daad_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:596ffae8ac3bba59dc3dc7bd488d0732ac513c5c3e35761927d21d4fc0fa1392_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:6a56bd52c5fe2b2203aeb4fd37e6892a5f23b7d0abae10fc5e0d154344c8f1bf_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-main-rhel8@sha256:72ce43136e850f86fe675822e43dfd7d7e660ceaf2517d3f0a83f34d0d026007_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:4cadca01bf16098d0e243ef1aa02d2b7fa6d6d04ae3562b48174298e00a00705_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:5d6bf72214aaed0ee0bd16ba8ed707a63c7312936ea361850a716e3fda7e2c8e_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-operator-bundle@sha256:b800c559f4e93d6a8d7422128e26688b8872c589c92944cb46815ec2b7c68371_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:0038e1daba8fd9874063d7d25f86b086ba5f23d51aa76530802d324d78f74006_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:9dff6deaeae98ac7812d845cf1446cd3904a8066a777dc013ea9ee22f50ba16a_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-rhel8-operator@sha256:a53eaf71ed81cf3f109b44463a0b70c389d4330aeebed676970f8aa32780a008_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:5037ebcf2fbc8bd8bdac7ffb8b9aafb5c7d6c990c0f7cc149d89028d6ebd2a47_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:56edbd1f69da14ae4279f34a8149c7b6200625e853e995a78b5b64c0681f2383_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f0156b634592bb9556ce7112cba3f173469f61607da40780d07dee4032ec9a93_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:0a344d812fb72ad90e1e423d527347e2dc680fb10ea0d90aadacdb4c2a50e7f8_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:681ddb4c8dd62755a0e15ed1c4029065ddec65a06d12449f187180489daf9b5f_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:79c8938936e9022aba223bcec2b80ea5af9e6d4dd2e6671e274f16b32be0109d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:09f1b7a8be64cb152fbd31501274fc1f97b08e076af34111ebb50afa5384d746_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3476b790be420bc6b60c9cf53af38496dd4a4c83e0462f52e4b57dc23786e28_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:cae64828e29d8ef2628f346ec786450a3dffd4f2c73f57d719a98d9e119ad745_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:124865ec25d18e31bc385d1003275581e6679b7ca8775651be8f595ab558243d_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:8c0a614d1c7f43bd597b73e7f9a226502b79680b13aab0b33406327514f9aefb_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-rhel8@sha256:f4e7d9a40b47f219dc1dbb6584b9d936aa83ea3c642b7c32a41f7393180e5cb2_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:13229a675b026bccc86b1b6681431b932f6c938a9931923b1b1f98b052f64951_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:2268441224f9dd53b42990455199528c8049615126f6521b9b1a14be5409c84c_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-29180",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2024-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2270863"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer\u0027s machine. The lack of normalization before calling the middleware also allows the attacker to perform path traversal attacks on the target environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack-dev-middleware: lack of URL validation may lead to file leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in webpack-dev represents an important security issue due to its potential to expose sensitive files and compromise developer machines. By failing to validate URLs and normalize paths effectively, the middleware allows attackers to craft malicious requests that can retrieve arbitrary local files or perform unauthorized path traversal. This could lead to unauthorized access to confidential information, including source code, configuration files, and even system-level files. Given the widespread use of webpack-dev-middleware in web development environments, addressing this vulnerability promptly is important to prevent serious data breaches and protect the integrity of development processes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:79a9120a84a63ad8d54eb913fc3c6b562921165432b5b40eaa3c0392dc6fa31b_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1b2f39b0f1fd77d312384394220b974fefeb2c07ed8a56fe68bf061d6beb3bdb_s390x",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:1e28b9001bf9e962499e7780ea2ad55fa3e9f06895392a8429741148682e7479_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9c39c394312c3db47234a63f6f387b2aeda0f80c184aacee13f56e596666f224_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:47742f7ccdf7f08ce0eb58f5608dfa5fdd0f51df8d7aaef58a5369a9179644ff_amd64",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:cb0b488798275236203dfdcc51b944a756f7cf46d753557507992c08e4b59dbf_ppc64le",
"8Base-RHACS-4.4:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d0d367a05ad533fe1b0216690caf4a8d270b452fc4f6cab276e45beef2c05b61_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29180"
},
{
"category": "external",
"summary": "RHBZ#2270863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270863"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29180"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6",
"url": "https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6"
}
],
"release_date": "2024-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-21T09:58:45+00:00",
"details": "If you are using an earlier version of RHACS 4.4, you are advised to upgrade to patch release 4.4.2.",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:2941"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webpack-dev-middleware: lack of URL validation may lead to file leak"
}
]
}
RHSA-2024:3259
Vulnerability from csaf_redhat - Published: 2024-05-22 11:47 - Updated: 2026-06-02 17:42
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix; fix; Workaround |
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8 | — | | Vendor Fix / fix / Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3259",
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3259.json"
}
],
"title": "Red Hat Security Advisory: go-toolset:rhel8 security update",
"tracking": {
"current_release_date": "2026-06-02T17:42:18+00:00",
"generator": {
"date": "2026-06-02T17:42:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:3259",
"initial_release_date": "2024-05-22T11:47:21+00:00",
"revision_history": [
{
"date": "2024-05-22T11:47:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-22T11:47:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:42:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"product": {
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src (go-toolset:rhel8)",
"product_id": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=src\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=src\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"product": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src (go-toolset:rhel8)",
"product_id": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=src\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"product": {
"name": "golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch (go-toolset:rhel8)",
"product_id": "golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"product": {
"name": "golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch (go-toolset:rhel8)",
"product_id": "golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"product": {
"name": "golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch (go-toolset:rhel8)",
"product_id": "golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"product": {
"name": "golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch (go-toolset:rhel8)",
"product_id": "golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64 (go-toolset:rhel8)",
"product_id": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64 (go-toolset:rhel8)",
"product_id": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le (go-toolset:rhel8)",
"product_id": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le (go-toolset:rhel8)",
"product_id": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64 (go-toolset:rhel8)",
"product_id": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.21.2-3.module%2Bel8.10.0%2B21244%2B5b2d9000?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64 (go-toolset:rhel8)",
"product_id": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"product": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x (go-toolset:rhel8)",
"product_id": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.21.9-1.module%2Bel8.10.0%2B21671%2Bb35c3b78?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020240412145753:a3795dee"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8"
},
"product_reference": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8"
},
"product_reference": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8"
},
"product_reference": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
},
"product_reference": "golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
},
"product_reference": "golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
},
"product_reference": "golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
},
"product_reference": "golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T11:47:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T11:47:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T11:47:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T11:47:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T11:47:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-22T11:47:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3259"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.21.9-1.module+el8.10.0+21671+b35c3b78.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
}
]
}
RHSA-2024:3346
Vulnerability from csaf_redhat - Published: 2024-05-23 18:12 - Updated: 2026-06-02 17:42

A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |

A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |

A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64 | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64 | — | | Vendor Fix (fix); Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for git-lfs is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)\n\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)\n\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3346",
"url": "https://access.redhat.com/errata/RHSA-2024:3346"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3346.json"
}
],
"title": "Red Hat Security Advisory: git-lfs security update",
"tracking": {
"current_release_date": "2026-06-02T17:42:20+00:00",
"generator": {
"date": "2026-06-02T17:42:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:3346",
"initial_release_date": "2024-05-23T18:12:50+00:00",
"revision_history": [
{
"date": "2024-05-23T18:12:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-23T18:12:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:42:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el8_10.src",
"product": {
"name": "git-lfs-0:3.4.1-2.el8_10.src",
"product_id": "git-lfs-0:3.4.1-2.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el8_10.aarch64",
"product": {
"name": "git-lfs-0:3.4.1-2.el8_10.aarch64",
"product_id": "git-lfs-0:3.4.1-2.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"product": {
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"product_id": "git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.4.1-2.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"product": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"product_id": "git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.4.1-2.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el8_10.ppc64le",
"product": {
"name": "git-lfs-0:3.4.1-2.el8_10.ppc64le",
"product_id": "git-lfs-0:3.4.1-2.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"product": {
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"product_id": "git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.4.1-2.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"product": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"product_id": "git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.4.1-2.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el8_10.x86_64",
"product": {
"name": "git-lfs-0:3.4.1-2.el8_10.x86_64",
"product_id": "git-lfs-0:3.4.1-2.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64",
"product": {
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64",
"product_id": "git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.4.1-2.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"product": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"product_id": "git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.4.1-2.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.4.1-2.el8_10.s390x",
"product": {
"name": "git-lfs-0:3.4.1-2.el8_10.s390x",
"product_id": "git-lfs-0:3.4.1-2.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.4.1-2.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"product": {
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"product_id": "git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.4.1-2.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"product": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"product_id": "git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.4.1-2.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64"
},
"product_reference": "git-lfs-0:3.4.1-2.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le"
},
"product_reference": "git-lfs-0:3.4.1-2.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x"
},
"product_reference": "git-lfs-0:3.4.1-2.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src"
},
"product_reference": "git-lfs-0:3.4.1-2.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.4.1-2.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64"
},
"product_reference": "git-lfs-0:3.4.1-2.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64"
},
"product_reference": "git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le"
},
"product_reference": "git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x"
},
"product_reference": "git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64"
},
"product_reference": "git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64"
},
"product_reference": "git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le"
},
"product_reference": "git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x"
},
"product_reference": "git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
},
"product_reference": "git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T18:12:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3346"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2023-45289",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268018"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45289"
},
{
"category": "external",
"summary": "RHBZ#2268018",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268018"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45289"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T18:12:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect"
},
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T18:12:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T18:12:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debuginfo-0:3.4.1-2.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:git-lfs-debugsource-0:3.4.1-2.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
}
]
}
RHSA-2024:3617
Vulnerability from csaf_redhat - Published: 2024-07-01 00:52 - Updated: 2026-06-03 04:27
A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.
A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kube Descheduler Operator for Red Hat OpenShift 5.0.1 for RHEL 9\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Kube Descheduler Operator for Red Hat OpenShift is an optional\noperator that deploys the descheduler, which is responsible for\nevicting pods based on certain strategies.\n\nSecurity Fix(es):\n\n* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)\n* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)\n* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)\n* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)\n* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3617",
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "WRKLDS-1059",
"url": "https://issues.redhat.com/browse/WRKLDS-1059"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3617.json"
}
],
"title": "Red Hat Security Advisory: Kube Descheduler Operator for Red Hat OpenShift 5.0.1 for RHEL 9",
"tracking": {
"current_release_date": "2026-06-03T04:27:37+00:00",
"generator": {
"date": "2026-06-03T04:27:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:3617",
"initial_release_date": "2024-07-01T00:52:46+00:00",
"revision_history": [
{
"date": "2024-07-01T00:52:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-07-01T00:52:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T04:27:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "KDO 5.0 for RHEL 9",
"product": {
"name": "KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:kube_descheduler_operator:5.0::el9"
}
}
}
],
"category": "product_family",
"name": "Kube Descheduler Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"product": {
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"product_id": "kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b?arch=amd64\u0026repository_url=registry.redhat.io/kube-descheduler-operator/descheduler-rhel9\u0026tag=v5.0-31"
}
}
},
{
"category": "product_version",
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"product": {
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"product_id": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89?arch=amd64\u0026repository_url=registry.redhat.io/kube-descheduler-operator/kube-descheduler-operator-bundle\u0026tag=v5.0-23"
}
}
},
{
"category": "product_version",
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"product": {
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"product_id": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351?arch=amd64\u0026repository_url=registry.redhat.io/kube-descheduler-operator/kube-descheduler-rhel9-operator\u0026tag=v5.0-28"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"product": {
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"product_id": "kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0?arch=s390x\u0026repository_url=registry.redhat.io/kube-descheduler-operator/descheduler-rhel9\u0026tag=v5.0-31"
}
}
},
{
"category": "product_version",
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"product": {
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"product_id": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821?arch=s390x\u0026repository_url=registry.redhat.io/kube-descheduler-operator/kube-descheduler-operator-bundle\u0026tag=v5.0-23"
}
}
},
{
"category": "product_version",
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"product": {
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"product_id": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8?arch=s390x\u0026repository_url=registry.redhat.io/kube-descheduler-operator/kube-descheduler-rhel9-operator\u0026tag=v5.0-28"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"product": {
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"product_id": "kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f?arch=ppc64le\u0026repository_url=registry.redhat.io/kube-descheduler-operator/descheduler-rhel9\u0026tag=v5.0-31"
}
}
},
{
"category": "product_version",
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"product": {
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"product_id": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360?arch=ppc64le\u0026repository_url=registry.redhat.io/kube-descheduler-operator/kube-descheduler-operator-bundle\u0026tag=v5.0-23"
}
}
},
{
"category": "product_version",
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le",
"product": {
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le",
"product_id": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac?arch=ppc64le\u0026repository_url=registry.redhat.io/kube-descheduler-operator/kube-descheduler-rhel9-operator\u0026tag=v5.0-28"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"product": {
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"product_id": "kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d?arch=arm64\u0026repository_url=registry.redhat.io/kube-descheduler-operator/descheduler-rhel9\u0026tag=v5.0-31"
}
}
},
{
"category": "product_version",
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"product": {
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"product_id": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab?arch=arm64\u0026repository_url=registry.redhat.io/kube-descheduler-operator/kube-descheduler-operator-bundle\u0026tag=v5.0-23"
}
}
},
{
"category": "product_version",
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"product": {
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"product_id": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35?arch=arm64\u0026repository_url=registry.redhat.io/kube-descheduler-operator/kube-descheduler-rhel9-operator\u0026tag=v5.0-28"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64 as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64"
},
"product_reference": "kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x"
},
"product_reference": "kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64 as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64"
},
"product_reference": "kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le"
},
"product_reference": "kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le"
},
"product_reference": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64 as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64"
},
"product_reference": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64 as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64"
},
"product_reference": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x"
},
"product_reference": "kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64 as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64"
},
"product_reference": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x"
},
"product_reference": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64 as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64"
},
"product_reference": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"relates_to_product_reference": "9Base-KDO-5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le as a component of KDO 5.0 for RHEL 9",
"product_id": "9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
},
"product_reference": "kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le",
"relates_to_product_reference": "9Base-KDO-5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45290",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268017"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in Go\u0027s net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45290"
},
{
"category": "external",
"summary": "RHBZ#2268017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45290"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://go.dev/cl/569341",
"url": "https://go.dev/cl/569341"
},
{
"category": "external",
"summary": "https://go.dev/issue/65383",
"url": "https://go.dev/issue/65383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2599",
"url": "https://pkg.go.dev/vuln/GO-2024-2599"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0004",
"url": "https://security.netapp.com/advisory/ntap-20240329-0004"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:52:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm"
},
{
"cve": "CVE-2024-24783",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268019"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24783"
},
{
"category": "external",
"summary": "RHBZ#2268019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24783"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2024/03/08/4",
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp",
"url": "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp"
},
{
"category": "external",
"summary": "https://go.dev/cl/569339",
"url": "https://go.dev/cl/569339"
},
{
"category": "external",
"summary": "https://go.dev/issue/65390",
"url": "https://go.dev/issue/65390"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2598",
"url": "https://pkg.go.dev/vuln/GO-2024-2598"
},
{
"category": "external",
"summary": "https://security.netapp.com/advisory/ntap-20240329-0005",
"url": "https://security.netapp.com/advisory/ntap-20240329-0005"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:52:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm"
},
{
"cve": "CVE-2024-24784",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268021"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/mail: comments in display names are incorrectly handled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24784"
},
{
"category": "external",
"summary": "RHBZ#2268021",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268021"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24784"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:52:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/mail: comments in display names are incorrectly handled"
},
{
"cve": "CVE-2024-24785",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"discovery_date": "2024-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268022"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: errors returned from MarshalJSON methods may break template escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24785"
},
{
"category": "external",
"summary": "RHBZ#2268022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268022"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24785"
},
{
"category": "external",
"summary": "https://go.dev/cl/564196",
"url": "https://go.dev/cl/564196"
},
{
"category": "external",
"summary": "https://go.dev/issue/65697",
"url": "https://go.dev/issue/65697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2610.json",
"url": "https://vuln.go.dev/ID/GO-2024-2610.json"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:52:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268046"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "RHBZ#2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://go.dev/cl/569356",
"url": "https://go.dev/cl/569356"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
"url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2611",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-07-01T00:52:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:587190a7b65ea56ce257ae486c0faa6616290fa39f81431359dc2b2d78521b4b_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:62da135a18b602beeef94dcf035d637b149206d017c83d7d630c5001795e1df0_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:664515e8e38df2bb2cb751e8c0870a1bcbbaf46e4feca86002b225c98610a40d_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/descheduler-rhel9@sha256:941359511dc5c78eada7f13f5800cb831bb00924e8007adf93201371f522ab6f_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:5041af3cc040d3e550599e6436bfddd1f449338bb54705273afbc8c4a0dde360_ppc64le",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:b26e5ebec8ffcfaf18c8c4acb8c25a71318ea7d3b372c9e3e170b6026a681a89_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:e4806d2fb547a29e2d33c8c6b2dd7ba2d0c3f23074384884b488077a19aa0bab_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-operator-bundle@sha256:ef62663d2e7fd44ea7705fc60471bfe504522c22e565fb975617eb0f03a2e821_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:0164ab8191aef77765861c677ab8c62ea648468e5be8283652b8200688e9cf35_arm64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:442e22a6292d7696a69d650f7e2f3873a3c3b947f70ccf16b97b70a2f6a7c9b8_s390x",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:93cca62bc492bb590667231b26eb5dd0b2c03d866e3035729029ad4bd7a2d351_amd64",
"9Base-KDO-5.0:kube-descheduler-operator/kube-descheduler-rhel9-operator@sha256:e60edf5aa0893cba72988c09ae340619accd37a7b171e2af873de37c44f449ac_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.