Security: Multiple issues in Red Hat OpenShift Data Foundation
Name: Multiple issues in Red Hat OpenShift Data Foundation
ID: RHSA-2025:0082
Distribution: Red Hat
Platforms: Red Hat RHODF 4.16 for RHEL 9
Date: Thu, 9 January 2025, 16:20
References:
https://access.redhat.com/security/cve/CVE-2024-48910
https://access.redhat.com/security/cve/CVE-2024-43800
https://bugzilla.redhat.com/show_bug.cgi?id=2322949
https://bugzilla.redhat.com/show_bug.cgi?id=2311152
https://bugzilla.redhat.com/show_bug.cgi?id=2331063
https://access.redhat.com/security/cve/CVE-2023-26136
https://access.redhat.com/security/cve/CVE-2024-21538
https://bugzilla.redhat.com/show_bug.cgi?id=2311154
https://bugzilla.redhat.com/show_bug.cgi?id=2311153
https://bugzilla.redhat.com/show_bug.cgi?id=2219310
https://access.redhat.com/security/cve/CVE-2024-43799
https://access.redhat.com/security/cve/CVE-2024-43796
https://bugzilla.redhat.com/show_bug.cgi?id=2295310
https://access.redhat.com/security/cve/CVE-2024-55565
https://access.redhat.com/errata/RHSA-2025:0082
https://access.redhat.com/security/cve/CVE-2023-26364
https://access.redhat.com/security/cve/CVE-2024-24791
https://bugzilla.redhat.com/show_bug.cgi?id=2324550
https://bugzilla.redhat.com/show_bug.cgi?id=2310908
https://bugzilla.redhat.com/show_bug.cgi?id=2250364
https://access.redhat.com/security/cve/CVE-2024-45296
Applications: Red Hat OpenShift Data Foundation

Original message
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.5 on Red Hat Enterprise Linux 9 from Red Hat Container Registry.
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3 compatible API.
Security Fix(es) from Bugzilla:
* dompurify: DOMPurify vulnerable to tampering by prototype pollution (CVE-2024-48910)
* tough-cookie: prototype pollution in cookie memstore (CVE-2023-26136)
* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
* path-to-regexp: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* express: Improper Input Handling in Express Redirects (CVE-2024-43796)
* send: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* serve-static: Improper Sanitization in serve-static (CVE-2024-43800)
* nanoid: nanoid mishandles non-integer values (CVE-2024-55565)
* cross-spawn: regular expression denial of service (CVE-2024-21538)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
* CVE-2023-26136: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
* CVE-2023-26364: Improper Input Validation (CWE-20)
* CVE-2024-21538: Inefficient Regular Expression Complexity (CWE-1333)
* CVE-2024-24791: Improper Input Validation (CWE-20)
* CVE-2024-43796: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
* CVE-2024-43799: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
* CVE-2024-43800: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
* CVE-2024-45296: Inefficient Regular Expression Complexity (CWE-1333)
* CVE-2024-48910: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
* CVE-2024-55565: Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)