Red Hat: RHSA-2024:3316
History: May 23, 2024 - 6:30 a.m.

(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update

2024-05-2306:30:18
access.redhat.com
Tags: golang, webpack-dev-middleware, axios, css-tools, go-resty, crypto/tls, follow-redirects, golang-protobuf, migration toolkit, security update, bug fix, dos, redos, credential leak

AI Score: 7.4 (High), confidence: High
EPSS: 0.05 (Low), percentile: 92.9%

Migration Toolkit for Applications 7.0.3 Images

Security Fix(es) from Bugzilla:

  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

  • webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)

  • axios: exposure of confidential data stored in cookies (CVE-2023-45857)

  • css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)

  • go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2 (CVE-2023-45286)

  • golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287)

  • golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

  • css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)

  • follow-redirects: Improper Input Validation due to improper handling of URLs by url.parse() (CVE-2023-26159)

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

  • follow-redirects: Possible credential leak (CVE-2024-28849)
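As an added illustration of the axios item above (CVE-2023-45857), the following is a constructed example and not axios source or the Migration Toolkit's own code. It models the cookie-to-header logic the CVE concerns: a client that copies the XSRF-TOKEN cookie into an X-XSRF-TOKEN header on every request discloses the token to any third-party host the application calls, while a client that attaches it only for same-origin requests does not. The helper names, the sample cookie string and the origins are assumptions made for the example.

```javascript
// Constructed example (not axios source): the XSRF cookie-to-header logic that
// CVE-2023-45857 concerns, in a vulnerable form and a simplified hardened form.

const XSRF_COOKIE = 'XSRF-TOKEN';
const XSRF_HEADER = 'X-XSRF-TOKEN';

// Minimal document.cookie-style parser for the constructed sample below.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Vulnerable behaviour: the token is attached regardless of where the request
// goes, so a request to a third-party API leaks it to that host.
function buildHeadersVulnerable(requestUrl, pageOrigin, cookieString) {
  const headers = {};
  const token = readCookie(cookieString, XSRF_COOKIE);
  if (token) headers[XSRF_HEADER] = token;
  return headers;
}

// Same-origin check: scheme and host (including port) must match the page.
// Relative URLs resolve against the page origin, so they are same-origin.
function isSameOrigin(requestUrl, pageOrigin) {
  const target = new URL(requestUrl, pageOrigin);
  const origin = new URL(pageOrigin);
  return target.protocol === origin.protocol && target.host === origin.host;
}

// Hardened behaviour: only attach the token when the target is same-origin.
function buildHeadersHardened(requestUrl, pageOrigin, cookieString) {
  const headers = {};
  if (!isSameOrigin(requestUrl, pageOrigin)) return headers;
  const token = readCookie(cookieString, XSRF_COOKIE);
  if (token) headers[XSRF_HEADER] = token;
  return headers;
}

// Constructed sample input (hypothetical origins and token values).
const SAMPLE_COOKIES = 'session=abc123; XSRF-TOKEN=tok-42; theme=dark';
const PAGE_ORIGIN = 'https://app.example.test';
const THIRD_PARTY_URL = 'https://analytics.example.test/collect';

// Returns true when the vulnerable client leaks the token cross-origin and the
// hardened client does not, while both still send it for same-origin calls.
function demonstrateLeak() {
  const leaked = buildHeadersVulnerable(THIRD_PARTY_URL, PAGE_ORIGIN, SAMPLE_COOKIES)[XSRF_HEADER];
  const withheld = buildHeadersHardened(THIRD_PARTY_URL, PAGE_ORIGIN, SAMPLE_COOKIES)[XSRF_HEADER];
  const sameOrigin = buildHeadersHardened('/api/items', PAGE_ORIGIN, SAMPLE_COOKIES)[XSRF_HEADER];
  return leaked === 'tok-42' && withheld === undefined && sameOrigin === 'tok-42';
}

module.exports = { readCookie, isSameOrigin, buildHeadersVulnerable, buildHeadersHardened, demonstrateLeak, SAMPLE_COOKIES, PAGE_ORIGIN, THIRD_PARTY_URL };
```

The hardened form is a simplification: the upstream fix also has to account for configured credentials options, but the same-origin gate is the part that stops the cross-host disclosure described in the advisory item.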
