The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.
[
{
"product": "OpenShift",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "OpenShift 4.9"
}
]
}
]