purl | pkg:rpm/redhat/openshift-serverless-1-serving-storage-version-migration-rhel8@container-1.3?arch=0-3 |
Next non-vulnerable version | None. |
Latest non-vulnerable version | None. |
Risk | 4.5 |
Vulnerability | Aliases | Summary | Fixed by
---|---|---|---
VCID-3jz7-muy2-aaam | CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | No fixed-by versions reported.
VCID-4jac-1s1e-aaag | CVE-2022-30635 | Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | No fixed-by versions reported.
VCID-6vwn-qdd6-aaab | CVE-2022-1962 | Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | No fixed-by versions reported.
VCID-7jyw-7cbe-aaag | CVE-2022-1705 | Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | No fixed-by versions reported.
VCID-cn47-xzgw-aaas | CVE-2022-32148 | Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. | No fixed-by versions reported.
VCID-ftf6-7n4e-aaaf | CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. | No fixed-by versions reported.
VCID-m6nh-ysj9-aaar | CVE-2022-30629 | Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | No fixed-by versions reported.
VCID-nq47-th3r-aaaj | CVE-2022-28131 | Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | No fixed-by versions reported.
VCID-q8fq-1yrc-aaag | CVE-2022-24921 | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | No fixed-by versions reported.
VCID-qb57-mgen-aaab | CVE-2022-1996, GHSA-r48q-9g5r-8q2h | go-restful: Authorization Bypass Through User-Controlled Key. | No fixed-by versions reported.
VCID-qkhh-p4bq-aaar | CVE-2022-30632 | Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | No fixed-by versions reported.
VCID-trc1-jwfd-aaaa | CVE-2022-30630 | Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | No fixed-by versions reported.
VCID-tzxf-ndv1-aaan | CVE-2022-21698, GHSA-cg3q-j54f-5p7p | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g. GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. | No fixed-by versions reported.
VCID-uwz1-rspm-aaaj | CVE-2022-24675 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | No fixed-by versions reported.
VCID-xy23-uwrw-aaad | CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | No fixed-by versions reported.
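The CVE-2022-32148 entry above hinges on a detail of httputil.ReverseProxy: a nil value stored under the X-Forwarded-For key in the outgoing Request.Header is the documented opt-out that tells the proxy not to add the client IP, and affected Go versions ignored that opt-out. The following is an added example, not code from this package, from Red Hat or from the Go project, and the function name ForwardedFor and the three mode strings are choices made here. It puts a ReverseProxy in front of a backend that echoes the X-Forwarded-For header it received and compares three Director behaviours: doing nothing, calling Header.Del (which does not suppress the header, because an absent key still makes the proxy add the client IP) and assigning nil. On Go 1.17.12, 1.18.4 or later the nil case yields an absent header; on an affected version the backend would see the client IP in that case too, which is exactly the exposure the entry describes.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// ForwardedFor starts a backend that echoes the X-Forwarded-For header it
// received, starts a ReverseProxy in front of it, sends one request through
// the proxy and returns what the backend saw ("" means the header was absent).
// mode (a name chosen for this example) selects what the Director does with
// the header before the proxy forwards the request:
//   "default": leave it alone, so ReverseProxy sets it to the client IP
//   "delete":  Header.Del("X-Forwarded-For"); this does NOT suppress the
//              header, the key is merely absent and the proxy adds the IP
//   "nil":     Header["X-Forwarded-For"] = nil, the documented opt-out;
//              on fixed Go versions the header is omitted
func ForwardedFor(mode string) (string, error) {
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, r.Header.Get("X-Forwarded-For"))
	}))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		return "", err
	}
	proxy := httputil.NewSingleHostReverseProxy(target)
	base := proxy.Director
	proxy.Director = func(r *http.Request) {
		base(r) // keep the stock rewriting of scheme, host and path
		switch mode {
		case "delete":
			r.Header.Del("X-Forwarded-For")
		case "nil":
			r.Header["X-Forwarded-For"] = nil
		}
	}
	front := httptest.NewServer(proxy)
	defer front.Close()

	resp, err := http.Get(front.URL + "/")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

func main() {
	for _, mode := range []string{"default", "delete", "nil"} {
		got, err := ForwardedFor(mode)
		if err != nil {
			fmt.Println(mode, "error:", err)
			continue
		}
		fmt.Printf("%-8s backend saw X-Forwarded-For=%q\n", mode, got)
	}
}
```

The practical check for a service that must not leak client addresses to an upstream is therefore twofold: assign nil rather than calling Del, and run on a Go toolchain at or past the fixed versions, since only the combination produces an absent header.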
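The CVE-2022-21698 entry lists, among its workarounds, custom middleware in front of the promhttp handler that sanitizes the request method, so that attacker-chosen method strings never become `method` label values. The following is an added example, not code from this package, from Red Hat or from the Prometheus client_golang project. It does not import client_golang; instead methodCounter is a constructed stand-in for a counter vector keyed on a `method` label (every distinct label value is one more time series, which is the unbounded growth the entry describes), and instrument stands in for an `InstrumentHandler*` wrapper. MethodGuard, allowedMethods and the other identifiers are names chosen here. The example runs a batch of requests with made-up methods through the instrumented handler with and without the guard and reports how many label values each layout ends up with.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// allowedMethods is the fixed set of methods this service will expose as a
// label value. Anything else is rejected before it reaches instrumentation,
// so the label set is bounded by this list regardless of what clients send.
var allowedMethods = []string{
	http.MethodGet, http.MethodHead, http.MethodPost, http.MethodPut,
	http.MethodPatch, http.MethodDelete, http.MethodOptions,
}

func methodAllowed(m string) bool {
	for _, a := range allowedMethods {
		if m == a { // exact, case-sensitive: "get" is not "GET"
			return true
		}
	}
	return false
}

// MethodGuard is the sanitizing middleware placed in front of the instrumented
// handler: unknown methods get 405 with an Allow header and go no further.
func MethodGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !methodAllowed(r.Method) {
			w.Header().Set("Allow", strings.Join(allowedMethods, ", "))
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// methodCounter is a constructed stand-in for a Prometheus counter vector
// with a "method" label; it is not client_golang code. Each distinct key is
// one more time series.
type methodCounter struct {
	mu     sync.Mutex
	series map[string]int
}

func newMethodCounter() *methodCounter { return &methodCounter{series: map[string]int{}} }

func (c *methodCounter) inc(method string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.series[method]++
}

// Cardinality returns the number of distinct "method" label values seen.
func (c *methodCounter) Cardinality() int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return len(c.series)
}

// instrument mimics an InstrumentHandler* wrapper with a method label: it
// records r.Method verbatim and then calls the wrapped handler.
func instrument(c *methodCounter, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c.inc(r.Method)
		next.ServeHTTP(w, r)
	})
}

func okHandler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
}

// simulate sends n requests with distinct made-up methods (BOGUS0, BOGUS1, ...)
// plus one GET through h and returns the counter's cardinality afterwards.
func simulate(h http.Handler, c *methodCounter, n int) int {
	for i := 0; i < n; i++ {
		h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest(fmt.Sprintf("BOGUS%d", i), "/", nil))
	}
	h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest(http.MethodGet, "/", nil))
	return c.Cardinality()
}

// UnguardedCardinality is the affected layout: instrumentation sees every
// attacker-chosen method. GuardedCardinality adds MethodGuard in front.
func UnguardedCardinality(n int) int {
	c := newMethodCounter()
	return simulate(instrument(c, okHandler()), c, n)
}

func GuardedCardinality(n int) int {
	c := newMethodCounter()
	return simulate(MethodGuard(instrument(c, okHandler())), c, n)
}

// GuardStatus returns the status code MethodGuard produces for one method.
func GuardStatus(method string) int {
	rec := httptest.NewRecorder()
	MethodGuard(okHandler()).ServeHTTP(rec, httptest.NewRequest(method, "/", nil))
	return rec.Code
}

func main() {
	fmt.Println("unguarded series after 50 bogus methods:", UnguardedCardinality(50))
	fmt.Println("guarded series after 50 bogus methods:  ", GuardedCardinality(50))
	fmt.Println("PROPFIND ->", GuardStatus("PROPFIND"), "GET ->", GuardStatus(http.MethodGet))
}
```

Rejecting rather than rewriting r.Method keeps application semantics untouched; if a service legitimately needs WebDAV or other extension methods, the right move is to add them to the allow-list, not to drop the guard. Upgrading client_golang to 1.11.1 or later remains the primary fix; the guard is the workaround the entry describes for when that is not yet possible.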
Vulnerability | Summary | Aliases
---|---|---
This package is not known to fix vulnerabilities. | |

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
---|---|---|---|---|---