Threats Tagged 'cve-2024-45590'

Red Hat OpenShift Data Foundation 4. 15. 14 includes a bug fix update addressing multiple security vulnerabilities across various components such as serialize-javascript, body-parser, http-proxy-middleware, and others. These vulnerabilities include cross-site scripting (XSS), denial of service (DoS), prototype pollution, and URL validation issues. The update is classified as important and targets Red Hat OpenShift Data Foundation running on Red Hat Enterprise Linux 9 across multiple architectures. The advisory references 12 CVEs fixed in this release, including CVE-2024-11831. No known exploits in the wild have been reported. Users are advised to apply this update after ensuring all previous errata are applied.

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3 compatible API.

OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift DataFoundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3 compatible API. Security Fix(es): * express: cause malformed URLs to be evaluated (CVE-2024-29041) * nodejs-async: Regular expression denial of service while parsing function in autoinject (CVE-2024-39249) * body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590) * npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript (CVE-2024-11831) * http-proxy-middleware: Denial of Service (CVE-2024-21536) * golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338) * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The Cluster Observability Operator version 0. 4. 1 for Red Hat Enterprise Linux 8 addresses multiple security vulnerabilities, including CVE-2024-6104 where the go-retryablehttp library might log sensitive information, and CVE-2024-24786 involving an infinite loop in protojson. Unmarshal when processing certain invalid JSON inputs. These issues have been fixed in this update. The advisory covers several other CVEs and related bug fixes. The vulnerabilities are rated as moderate severity by Red Hat. No known exploits are reported in the wild at this time.