Threats Tagged 'cve-2026-12143'

Kiali 2.4.19, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fix(es): * CVE-2026-42338 openshift-service-mesh/kiali-ossmc-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14061) * CVE-2026-42338 openshift-service-mesh/kiali-rhel9: ip-address: Cross-site scripting via improper HTML escaping of untrusted input (OSSM-14069) * CVE-2026-39821 openshift-service-mesh/kiali-rhel9: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (OSSM-14072) * CVE-2026-44495 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14136) * CVE-2026-44495 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure due to prototype pollution vulnerability (OSSM-14140) * CVE-2026-44488 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14150) * CVE-2026-44488 openshift-service-mesh/kiali-rhel9: Axios: Denial of Service due to unenforced request and response size limits (OSSM-14155) * CVE-2026-44487 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14169) * CVE-2026-44487 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via redirect flows (OSSM-14178) * CVE-2026-44494 openshift-service-mesh/kiali-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14181) * CVE-2026-44494 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution (OSSM-14183) * CVE-2026-44496 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14190) * CVE-2026-44496 openshift-service-mesh/kiali-rhel9: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name (OSSM-14192) * CVE-2026-44486 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14194) * CVE-2026-44486 openshift-service-mesh/kiali-rhel9: Axios: Information disclosure of proxy credentials via HTTP redirects (OSSM-14208) * CVE-2026-44492 openshift-service-mesh/kiali-ossmc-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14218) * CVE-2026-44492 openshift-service-mesh/kiali-rhel9: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization (OSSM-14225) * CVE-2026-48779 openshift-service-mesh/kiali-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14302) * CVE-2026-48779 openshift-service-mesh/kiali-ossmc-rhel9: ws: Denial of Service via memory exhaustion from small WebSocket fragments (OSSM-14306) * CVE-2026-12143 openshift-service-mesh/kiali-ossmc-rhel9: form-data: Form field override via CRLF injection (OSSM-14334) * CVE-2026-12143 openshift-service-mesh/kiali-rhel9: form-data: Form field override via CRLF injection (OSSM-14339) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.