Lucene search

K
redhatRedHatRHSA-2024:3346
HistoryMay 23, 2024 - 2:21 p.m.

(RHSA-2024:3346) Important: git-lfs security update

2024-05-2314:21:44
access.redhat.com
5
git-lfs
security update
dos
sensitive headers
memory exhaustion
x509 verification panic
cvss score
cve page

7.3 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.2%

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.

Security Fix(es):

  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

  • golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)

  • golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

  • golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.