Migration Toolkit for Applications 7.0.3 Images
Security Fix(es) from Bugzilla:
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
axios: exposure of confidential data stored in cookies (CVE-2023-45857)
css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2 (CVE-2023-45286)
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)
golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)
follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
follow-redirects: Possible credential leak (CVE-2024-28849)