40 matches found
Astra Linux - vulnerability in golang-github-emicklei-go-restful
Authorization bypass through user-controlled keys in the GitHub repository in the emicklei/go-restful library, prior to version 3.8.0...
CLEANSTART-2026-HV28992 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3
Multiple security vulnerabilities affect the cert-manager-webhook-pdns-fips package. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3. See references for individual vulnerability details...
CLEANSTART-2026-YS66739 Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3. See references for individual vulnerability details...
Azure Linux 3.0 Security Update: sriov-network-device-plugin (CVE-2022-1996)
The version of sriov-network-device-plugin installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1996 advisory. - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restfu...
EUVD-2022-6141
Malicious code in bioql PyPI...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Red Hat is used by IBM Robotic Process Automation for Cloud Pak as part of base container images. CVE-2016-4074. getaddrinfo is used by IBM Robotic Process Automation for Cloud Pak as part of the ba...
Authorization Bypass Through User-Controlled Key in emicklei/go-restful
...
Security Bulletin: IBM Storage Fusion is vulnerable to authorization bypass due to go-restful.
Summary emicklei/go-restful is used by IBM Storage Fusion's isf-prereq-operator to create pre-requisite resources and deploy dependent operators. CVE-2022-1996. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused ...
RHEL 8 : openshift-gitops-kam (RHSA-2023:3229)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3229 advisory. Security Fixes: go-restful: Authorization Bypass Through User-Controlled Key CVE-2022-1996 For more details about the security issues, including the...
RHEL 9 : openshift-gitops-kam (RHSA-2023:3557)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3557 advisory. OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool Security Fixes: go-restful: Authorization Bypass Through User-Controlle...
RHEL 8 : Release of OpenShift Serverless Client kn 1.24.0 (Important) (RHSA-2022:6042)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6042 advisory. Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered a...
Security Bulletin: Multiple Vulnerabilities in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to several open source vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to...
Security Bulletin: A vulnerability in go-restful affects IBM Robotic Process Automation for Cloud Pak resulting in a bypass of security restrictions (CVE-2022-1996).
Summary A vulnerability in go-restful affects IBM Robotic Process Automation for Cloud Pak resulting in a bypass of security restrictions. go-restful is used by IBM Robotic Process Automation for Cloud Pak as part of the operator framework. This bulletin identifies the security fixes to apply to...
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to an authorization bypass due to emicklei/go-restful [CVE-2022-1996]
Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by a vulnerability in emicklei/go-restful. The Vulnerability includes an authorization bypass through a user-controlled key as described by the CVE in the...
go-restful: Authorization Bypass Through User-Controlled Key
A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS...
go-restful: Authorization Bypass Through User-Controlled Key
A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2021-46848 DESCRIPTION: GNU Libtasn1 could allow a remote attacker to obtain sensitive information, caused by an out-of-bound access flaw in ETYPEOK. By sending a...
SUSE CVE-2022-1996
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...
Vulnerability fixed in Red Hat OpenShift
A vulnerability has been fixed in the go-restful component of Red Hat OpenShift. A remote malicious agent could potentially exploit it to bypass authentication on a specific endpoint. To do this, the malicious party must use the AllowedDomains Cross-Origin Resource Sharing (CORS) filter. Red...