Threats Tagged 'cve-2024-43788'

Red Hat OpenShift Service Mesh 2. 5. 5 addresses multiple security vulnerabilities across several components including Envoy, Send library, serve-static, webpack, and body-parser. These vulnerabilities range from code execution, denial of service, improper sanitization, to potential header manipulation. The advisory covers nine CVEs, including CVE-2024-23326 where Envoy incorrectly accepts HTTP 200 responses for entering upgrade mode, and others affecting HTTP/2 CPU exhaustion, infinite loops, and abnormal termination. The update is classified with high severity and is intended for Red Hat OpenShift Service Mesh on various architectures. Users are advised to apply the update after ensuring all previous errata are applied.

Red Hat Data Grid 8. 5. 2 addresses two security vulnerabilities: CVE-2024-47072, a denial of service vulnerability in the XStream library caused by stack overflow from manipulated binary input streams, and CVE-2024-43788, a DOM Clobbering vulnerability in webpack's AutoPublicPathRuntimeModule. These issues affect Red Hat Data Grid versions prior to 8. 5. 2. The update replaces version 8. 5. 1 and includes these security fixes along with other bug fixes and enhancements. Red Hat rates the update as important and recommends applying it after ensuring all previous errata are installed.

Red Hat has issued a security advisory for the Red Hat build of Cryostat 3 on RHEL 8 addressing two vulnerabilities: a DOM Clobbering issue in webpack's AutoPublicPathRuntimeModule (CVE-2024-43788) and an XSS vulnerability via prototype pollution in dompurify (CVE-2024-45801). Both vulnerabilities have been rated with a moderate security impact by Red Hat. The advisory provides an update to mitigate these issues and recommends applying the update after ensuring all previous errata are applied.

Red Hat OpenShift Service Mesh Containers for version 2. 4. 11 address multiple security vulnerabilities affecting components such as envoy, webpack, send library, and serve-static. These include an abnormal termination issue in envoy triggered by an authority header longer than 255 characters (CVE-2024-32475), an infinite loop in the Brotli decompressor (CVE-2024-32976), a DOM Clobbering vulnerability in webpack (CVE-2024-43788), a code execution vulnerability in the send library (CVE-2024-43799), and improper sanitization in serve-static (CVE-2024-43800). Red Hat has released an advisory (RHSA-2024:7724) detailing these fixes and recommends applying the update after ensuring all prior errata are installed.

Red Hat OpenShift Service Mesh Containers version 2. 6. 2 address multiple security vulnerabilities across several components including send, serve-static, express, path-to-regexp, webpack, body-parser, envoy, and curl. These vulnerabilities range from code execution, improper input handling, denial of service, to malicious log injection and header manipulation. The advisory covers a total of 10 CVEs with a high severity level. The update is important and intended for Red Hat OpenShift Service Mesh on various architectures including x86_64, ppc64le, s390x, and aarch64. Users are advised to apply the update after ensuring all previous errata are applied. No known exploits in the wild have been reported at this time.

Red Hat OpenShift Data Foundation 4. 16. 3 includes important bug fixes and enhancements addressing issues in disaster recovery monitoring, node labeling during StorageSystem deployment, and UI clarity. The update resolves problems such as missing snapshot sync details on the DR dashboard and incorrect dynamic node labels that affected installation in non-default namespaces. Users are advised to upgrade to the updated images to benefit from these fixes. No known exploits are reported in the wild for these issues. The advisory does not specify a CVSS score but categorizes the update as important with high severity.

Red Hat has released a security update for OpenShift Serverless Logic 1. 34. 0 addressing multiple vulnerabilities including a high-severity issue (CVE-2024-8391) where the Vertx gRPC server does not limit the maximum message size. Other fixed vulnerabilities include server-side request forgery in axios, improper input handling in Express redirects, code execution in the Send library, improper sanitization in serve-static, and a DOM clobbering vulnerability in webpack. These issues affect various components used within the OpenShift Serverless environment. The update includes security fixes, bug fixes, and enhancements. Red Hat rates the security impact as Important and recommends applying this update after ensuring all previous errata are applied.

Red Hat OpenShift Data Foundation 4.15 security, enhancement & bug fix update.

The 1.15.4 release of Red Hat OpenShift Pipelines Operator.