VulnerableCode Package Details - pkg:rpm/redhat/microshift@4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0?arch=el9

Search for packages

Vulnerability	Summary	Fixed by
VCID-f8ak-21d8-juff Aliases: CVE-2024-24786 GHSA-8r3f-844c-mc37	Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.	There are no reported fixed by versions.
VCID-pjvk-1xxm-87d8 Aliases: CVE-2024-3177 GHSA-pxhw-596r-rwq5	Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-f8ak-21d8-juff
Aliases:
CVE-2024-24786
GHSA-8r3f-844c-mc37

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

There are no reported fixed by versions.

VCID-pjvk-1xxm-87d8
Aliases:
CVE-2024-3177
GHSA-pxhw-596r-rwq5

Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:49:22.837068+00:00	RedHat Importer	Affected by	VCID-f8ak-21d8-juff	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json	38.0.0
2026-04-01T13:48:16.192503+00:00	RedHat Importer	Affected by	VCID-pjvk-1xxm-87d8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3177.json	38.0.0

2026-04-01T13:49:22.837068+00:00

RedHat Importer

Affected by

VCID-f8ak-21d8-juff

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json

38.0.0

2026-04-01T13:48:16.192503+00:00

RedHat Importer

Affected by

VCID-pjvk-1xxm-87d8

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3177.json

38.0.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.4