3 matches found
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component (CVE-2023-26159,CVE-2023-44487).
Summary IBM Event Streams is vulnerable to a denial of service attack and Phishing attacks due to the follow-redirect and k8s.io/apiMAChinery component. The follow-redirect library is employed in event streams to seamlessly manage HTTP redirects, ensuring smooth navigation between resources witho...
Security Bulletin: IBM Storage Fusion may be vulnerable to Unauthorized requests (SSRF), Improper path traversal, via k8s.io/apimachinery, k8s.io/apiserver (CVE-2022-3172, CVE-2022-3162)
Summary Kubernetes' apimachinery and apiserver are used by IBM Storage Fusion to interact with the OpenShift platform. Vulnerabilities in these libraries include the possibility of unauthorized requests server-side request forgery and improper path traversal, as described the the CVEs listed in t...
GO-2022-0965 Unbounded recursion in JSON parsing in k8s.io/apimachinery
Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics...