Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:3316
HistoryMay 23, 2024 - 6:30 a.m.

(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update

2024-05-2306:30:18
access.redhat.com
4
golang
webpack-dev-middleware
axios
css-tools
go-resty
crypto/tls
follow-redirects
golang-protobuf
migration toolkit
security update
bug fix
dos
redos
credential leak

7.4 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Migration Toolkit for Applications 7.0.3 Images

Security Fix(es) from Bugzilla:

  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

  • webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)

  • axios: exposure of confidential data stored in cookies (CVE-2023-45857)

  • css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)

  • go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2 (CVE-2023-45286)

  • golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)

  • golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

  • css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)

  • follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

  • follow-redirects: Possible credential leak (CVE-2024-28849)

Related

redhat 31
osv 23
nessus 73
rocky 5
oraclelinux 10
almalinux 9
amazon 3
freebsd 1
openvas 30
ibm 3
redos 1
mageia 2
debian 2
ubuntu 4
cloudfoundry 1
f5 1
redhat
redhat
(RHSA-2024:2901) Low: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.12.1-394 Security Update
2024-05-23 14:07:36
(RHSA-2024:2933) Important: logging for Red Hat OpenShift security update
2024-05-23 06:15:17
(RHSA-2024:2562) Important: golang security update
2024-04-30 11:38:52
osv
osv
Important: golang security update
2024-05-10 14:32:42
Important: golang security update
2024-04-30 00:00:00
Important: go-toolset:rhel8 security update
2024-06-14 13:59:30
nessus
nessus
Oracle Linux 9 : golang (ELSA-2024-2562)
2024-05-08 00:00:00
Rocky Linux 9 : golang (RLSA-2024:2562)
2024-05-14 00:00:00
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)
2024-05-28 00:00:00
rocky
rocky
go-toolset:rhel8 security update
2024-06-14 13:59:30
golang security update
2024-05-10 14:32:42
git-lfs security update
2024-05-10 14:32:42
oraclelinux
oraclelinux
golang security update
2024-05-07 00:00:00
go-toolset:ol8 security update
2024-05-29 00:00:00
openssl and openssl-fips-provider security update
2024-05-03 00:00:00
almalinux
almalinux
Important: golang security update
2024-04-30 00:00:00
Important: go-toolset:rhel8 security update
2024-05-22 00:00:00
Low: openssl and openssl-fips-provider security update
2024-04-30 00:00:00
amazon
amazon
Medium: golang
2024-05-23 22:04:00
Low: java-17-amazon-corretto
2024-04-24 22:15:00
Low: java-11-amazon-corretto
2024-04-24 22:15:00
freebsd
freebsd
go -- multiple vulnerabilities
2024-03-05 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0811-1)
2024-03-11 00:00:00
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:0812-1)
2024-03-25 00:00:00
Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1410)
2024-03-21 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to multiple CVEs in Avahi
2023-07-28 14:38:12
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
2024-04-23 14:11:37
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to protobuf-go, libcurl, libexpat, Java SE, IBM GSKit-Crypto, open redirect, buffer overflow condition and golang-fips/openssl vulnerabilities.
2024-04-30 07:19:33
redos
redos
ROS-20240422-05
2024-04-22 00:00:00
mageia
mageia
Updated avahi packages fix security vulnerabilities
2024-01-25 14:21:08
Updated quictls packages fix security vulnerabilities
2024-02-15 02:02:34
debian
debian
[SECURITY] [DSA 5672-1] openjdk-17 security update
2024-04-22 14:23:20
[SECURITY] [DSA 5671-1] openjdk-11 security update
2024-04-22 08:40:05
ubuntu
ubuntu
Avahi vulnerabilities
2023-11-20 00:00:00
OpenJDK 21 vulnerabilities
2024-06-06 00:00:00
OpenJDK 17 vulnerabilities
2024-06-06 00:00:00
cloudfoundry
cloudfoundry
USN-6622-1: OpenSSL vulnerabilities | Cloud Foundry
2024-02-29 00:00:00
f5
f5
K000139377 : OpenJDK vulnerabilities CVE-2024-21011, CVE-2024-21012, CVE-2024-21068, CVE-2024-21085, and CVE-2024-21094
2024-04-23 00:00:00

7.4 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON
Related for RHSA-2024:3316
redhat31osv23nessus73rocky5oraclelinux10almalinux9amazon3freebsd1openvas30ibm3redos1mageia2debian2ubuntu4cloudfoundry1f51