(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 7.0.3 Images

Security Fix(es) from Bugzilla:

• golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

• webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)

• axios: exposure of confidential data stored in cookies (CVE-2023-45857)

• css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)

• go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2 (CVE-2023-45286)

• golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)

• golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)

• css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)

• follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)

• golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

• follow-redirects: Possible credential leak (CVE-2024-28849)