45 matches found

Fedora
added 2022/07/30 1:57 a.m. | 14 views

[SECURITY] Fedora 36 Update: golang-github-evanphx-json-patch-5.5.0-4.fc36

Jsonpatch is a library which provides functionality for both applying RFC6902 JSON patches against documents, as well as for calculating & applying RFC7396 JSON merge patches...

7.4 AI score
Exploits: 0

OpenVAS
added 2022/07/18 12:0 a.m. | 18 views

Fedora: Security Advisory for golang-github-evanphx-json-patch (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS | 8.9 AI score | 0.00963 EPSS
Exploits: 4 | References: 2

Fedora
added 2022/07/17 1:15 a.m. | 17 views

[SECURITY] Fedora 35 Update: golang-github-krishicks-yaml-patch-0.0.10-8.20200307git05b3177.fc35

Yaml-patch is a version of Evan Phoenix's json-patch, which is an implementation of JavaScript Object Notation (JSON) Patch, directly transposed to YAML...

9.3 CVSS | 8.8 AI score | 0.00963 EPSS
Exploits: 4

Fedora
added 2022/07/17 1:15 a.m. | 22 views

[SECURITY] Fedora 35 Update: golang-github-evanphx-json-patch-5.5.0-3.fc35

Jsonpatch is a library which provides functionality for both applying RFC6902 JSON patches against documents, as well as for calculating & applying RFC7396 JSON merge patches...

9.3 CVSS | 8.2 AI score | 0.00963 EPSS
Exploits: 4

OpenVAS
added 2022/07/06 12:0 a.m. | 18 views

Fedora: Security Advisory for golang-github-evanphx-json-patch (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS | 8.9 AI score | 0.00963 EPSS
Exploits: 4 | References: 2

OpenVAS
added 2022/07/06 12:0 a.m. | 13 views

Fedora: Security Advisory for golang-github-krishicks-yaml-patch (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS | 8.9 AI score | 0.00963 EPSS
Exploits: 4 | References: 2

Fedora
added 2022/07/04 1:35 a.m. | 17 views

[SECURITY] Fedora 36 Update: golang-github-evanphx-json-patch-5.5.0-3.fc36

Jsonpatch is a library which provides functionality for both applying RFC6902 JSON patches against documents, as well as for calculating & applying RFC7396 JSON merge patches...

9.3 CVSS | 8.2 AI score | 0.00963 EPSS
Exploits: 4

Github Security Blog
added 2022/05/13 1:34 a.m. | 34 views

JSON-Patch Out-of-bounds Write vulnerability

An out of bound write can occur when patching an Openshift object using the oc patch functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

7.7 CVSS | 2.9 AI score | 0.0051 EPSS
Exploits: 0 | References: 12 | Affected Software: 1

OSV
added 2022/05/13 1:34 a.m. | 35 views

GHSA-GXHV-3HWF-WJP9 JSON-Patch Out-of-bounds Write vulnerability

An out of bound write can occur when patching an Openshift object using the oc patch functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management...

7.7 CVSS | 7.3 AI score | 0.0051 EPSS
Exploits: 0 | References: 12

Github Security Blog
added 2022/05/13 1:21 a.m. | 21 views

Kubernetes DoS Vulnerability

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or "Content-Type: application/json-patch+json") that consumes...

6.5 CVSS | 6.8 AI score | 0.02677 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2021/04/14 8:4 p.m. | 25 views

GO-2021-0076 Out-of-bounds write in github.com/evanphx/json-patch

A malicious JSON patch can cause a panic due to an out-of-bounds write attempt. This can be used as a denial of service vector if exposed to arbitrary user input...

7.7 CVSS | 7.4 AI score | 0.0051 EPSS
Exploits: 0 | References: 2

Huntr
added 2020/10/12 12:0 a.m. | 17 views

Prototype Pollution in starcounter-jack/json-patch

Description fast-json-patch is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let fastjsonpatch = require("fast-json-patch"); functio...

1.2 AI score
Exploits: 0

Tenable Nessus
added 2019/10/30 12:0 a.m. | 54 views

RHEL 7 : OpenShift Container Platform 3.10 atomic-openshift (RHSA-2019:3239)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3239 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

7.5 CVSS | 6.4 AI score | 0.84511 EPSS
Exploits: 4 | References: 8

RedHat Linux
added 2019/10/29 4:22 p.m. | 84 views

Important: Red Hat Security Advisory: OpenShift Container Platform 3.10 atomic-openshift security update

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.5 CVSS | 6.6 AI score | 0.84511 EPSS
Exploits: 4 | References: 4

Oracle linux
added 2019/04/13 12:0 a.m. | 278 views

kubernetes security update

1.9.11-2.5.1 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.9.11-2.4.1 - CVE-2019-1002101 kubectl fix potential directory traversal 1.9.11-2.3.1 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000 - Fixup kubeadm-setup.s...

7.5 CVSS | 2.3 AI score | 0.49935 EPSS
Exploits: 2

Oracle linux
added 2019/04/13 12:0 a.m. | 287 views

kubernetes security update

1.11.3-2.5.2 - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains 1.11.3-2.4.2 - CVE-2019-1002101 kubectl fix potential directory traversal 1.11.3-2.3.2 - CVE-2019-1002100 Limit the number of operations in a single json patch to be 10,000...

7.5 CVSS | 2.3 AI score | 0.49935 EPSS
Exploits: 2

OSV
added 2019/04/01 2:29 p.m. | 0 views

UBUNTU-CVE-2019-1002100

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or "Content-Type: application/json-patch+json") that consumes...

6.5 CVSS | 6.8 AI score | 0.02677 EPSS
Exploits: 0 | References: 4

OSV
added 2019/04/01 2:29 p.m. | 1 views

DEBIAN-CVE-2019-1002100

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or "Content-Type: application/json-patch+json") that consumes...

6.5 CVSS | 6.6 AI score | 0.02677 EPSS
Exploits: 0 | References: 1

CNVD
added 2019/03/06 12:0 a.m. | 1 views

Google Kubernetes Denial of Service Vulnerability

Google Kubernetes is an open source Docker container cluster management system from the U.S. company Google. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. There is a security vulnerability ...

6.5 CVSS | 6.6 AI score | 0.02677 EPSS
Exploits: 0 | References: 1

Veracode
added 2019/03/04 3:56 a.m. | 24 views

Denial Of Service (DoS)

github.com/kubernetes/kubernetes is vulnerable to denial of service. A user who is authorized to make patch requests to the Kubernetes API Server can send malicious patches of type json-patch to cause the server to consume excessive amounts of resources during processing, resulting in a denial of...

6.5 CVSS | 6.2 AI score | 0.02677 EPSS
Exploits: 0 | References: 7 | Affected Software: 3