Threats Tagged 'cve-2024-6104'

Red Hat OpenShift Container Platform 4. 14. 54 includes important security updates addressing multiple vulnerabilities in underlying Golang libraries. These include issues such as non-linear parsing of case-insensitive content, unexpected memory consumption during token parsing, excessive memory allocation during JWT header parsing, and potential leakage of sensitive information to log files. The update is rated with an important security impact by Red Hat Product Security. Users of OpenShift Container Platform 4. 14 are advised to upgrade to the updated packages and container images via the appropriate release channels using the OpenShift CLI or web console.

Red Hat OpenShift Container Platform 4. 18. 1 includes multiple security fixes addressing vulnerabilities in components such as golang. org/x/net/html, go-git, containers/image, go-retryablehttp, ose-olm-catalogd-container, golang-protobuf, and GraphQL. These vulnerabilities range from denial of service, argument injection, infinite loops during JSON unmarshaling, to potential leakage of sensitive information in logs. The update is rated as having an important security impact by Red Hat Product Security. Users of OpenShift Container Platform 4. 18 are advised to upgrade to the updated packages and container images as soon as they become available in the appropriate release channels.

The Cluster Observability Operator version 0. 4. 1 for Red Hat Enterprise Linux 8 addresses multiple security vulnerabilities, including CVE-2024-6104 where the go-retryablehttp library might log sensitive information, and CVE-2024-24786 involving an infinite loop in protojson. Unmarshal when processing certain invalid JSON inputs. These issues have been fixed in this update. The advisory covers several other CVEs and related bug fixes. The vulnerabilities are rated as moderate severity by Red Hat. No known exploits are reported in the wild at this time.