Red Hat openshift-serverless-clients kn 1.33.0 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat OpenShift Serverless Client kn 1.33.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.33.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms.
This release includes security fixes, bug fixes, and enhancements.
Security Fix(es):
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
A Red Hat Security Bulletin, which addresses further details about the Rapid Reset flaw, is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
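Every fix in the list above lives in the Go standard library or in golang.org/x/net, so what matters to a consumer of the kn binary is the toolchain and x/net version it was linked against. The program below is an added example and is not part of this advisory or of the kn project: it reads the build information the Go linker embeds in a module-built binary, using the standard `debug/buildinfo` package, and compares the recorded toolchain and `golang.org/x/net` versions against minimums given on the command line. The minimum versions themselves are not stated on this page; take them from the CVE pages in the References section and pass them as flags.

```go
package main

import (
	"debug/buildinfo"
	"flag"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// parseVersion converts a toolchain string such as "go1.21.9" or a module
// version such as "v0.23.0" into [major, minor, patch]. Anything that is not
// a plain numeric release (a pre-release like "go1.22rc1", or a pseudo-version
// like "v0.0.0-20240101000000-abcdef") is rejected, so such builds are
// reported as "cannot verify" instead of being silently accepted.
func parseVersion(v string) ([3]int, error) {
	var out [3]int
	s := strings.TrimPrefix(strings.TrimPrefix(v, "go"), "v")
	parts := strings.Split(s, ".")
	if len(parts) == 0 || len(parts) > 3 {
		return out, fmt.Errorf("unrecognised version %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return out, fmt.Errorf("unrecognised version %q", v)
		}
		out[i] = n
	}
	return out, nil
}

// versionAtLeast reports whether have >= want under numeric comparison.
func versionAtLeast(have, want string) (bool, error) {
	h, err := parseVersion(have)
	if err != nil {
		return false, err
	}
	w, err := parseVersion(want)
	if err != nil {
		return false, err
	}
	for i := range h {
		if h[i] != w[i] {
			return h[i] > w[i], nil
		}
	}
	return true, nil
}

// checkBinary reads the build info embedded in a Go binary and verifies its
// toolchain version and, when minXNet is non-empty, the golang.org/x/net
// dependency version. A binary that does not link x/net at all is not
// exposed through it, so a missing dependency is not treated as a failure.
func checkBinary(path, minGo, minXNet string) error {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return fmt.Errorf("%s: %w", path, err)
	}
	ok, err := versionAtLeast(bi.GoVersion, minGo)
	if err != nil {
		return fmt.Errorf("%s: cannot verify toolchain %q: %w", path, bi.GoVersion, err)
	}
	if !ok {
		return fmt.Errorf("%s: built with %s, need at least %s", path, bi.GoVersion, minGo)
	}
	if minXNet == "" {
		return nil
	}
	for _, d := range bi.Deps {
		if d.Path != "golang.org/x/net" {
			continue
		}
		v := d.Version
		if d.Replace != nil { // a replace directive decides what was actually linked
			v = d.Replace.Version
		}
		ok, err := versionAtLeast(v, minXNet)
		if err != nil {
			return fmt.Errorf("%s: cannot verify golang.org/x/net %q: %w", path, v, err)
		}
		if !ok {
			return fmt.Errorf("%s: links golang.org/x/net %s, need at least %s", path, v, minXNet)
		}
	}
	return nil
}

func main() {
	// Minimums are deliberately not hard-coded: supply the values from the CVE pages.
	minGo := flag.String("min-go", "", "minimum toolchain, e.g. go1.N.M")
	minXNet := flag.String("min-xnet", "", "minimum golang.org/x/net version, e.g. v0.N.0 (optional)")
	flag.Parse()
	if *minGo == "" || flag.NArg() == 0 {
		fmt.Fprintln(os.Stderr, "usage: gocheck -min-go go1.N.M [-min-xnet v0.N.0] /path/to/kn ...")
		os.Exit(2)
	}
	failed := false
	for _, p := range flag.Args() {
		if err := checkBinary(p, *minGo, *minXNet); err != nil {
			fmt.Fprintln(os.Stderr, "FAIL:", err)
			failed = true
			continue
		}
		fmt.Println("OK:", p)
	}
	if failed {
		os.Exit(1)
	}
}
```

Run it as `go run gocheck.go -min-go go1.N.M -min-xnet v0.N.0 /usr/bin/kn` with the real minimums substituted. The comparison is intentionally strict: a release-candidate toolchain or a pseudo-versioned x/net is reported as unverifiable rather than guessed at, which is the outcome a defender wants from an inventory check.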
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2023-45288: Uncontrolled Resource Consumption (CWE-400)
CVE-2023-45289: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
CVE-2023-45290: Improper Input Validation (CWE-20)
CVE-2024-24783: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-24784: Misinterpretation of Input (CWE-115)
CVE-2024-24785: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)