Package details: pkg:rpm/redhat/openshift-serverless-1-eventing-in-memory-channel-dispatcher-rhel8@container-0.23?arch=0-5
purl pkg:rpm/redhat/openshift-serverless-1-eventing-in-memory-channel-dispatcher-rhel8@container-0.23?arch=0-5
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (8)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-2ps9-t61s-aaan (Aliases: CVE-2021-33196) | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | There are no reported fixed by versions. |
| VCID-5am3-9pkt-aaak (Aliases: CVE-2021-3703) | CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 | There are no reported fixed by versions. |
| VCID-b1t1-32t4-aaaf (Aliases: CVE-2021-33195) | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | There are no reported fixed by versions. |
| VCID-gfdc-2q2q-aaak (Aliases: CVE-2021-34558) | The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | There are no reported fixed by versions. |
| VCID-gk52-c5p2-aaam (Aliases: CVE-2021-27918) | encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. | There are no reported fixed by versions. |
| VCID-mtfq-ngz6-aaad (Aliases: CVE-2021-31525, GHSA-h86h-8ppg-mxmh) | net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. | There are no reported fixed by versions. |
| VCID-qggy-g6kz-aaaj (Aliases: CVE-2021-33198) | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | There are no reported fixed by versions. |
| VCID-tdq5-pwwt-aaan (Aliases: CVE-2021-33197) | In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | There are no reported fixed by versions. |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.
