RHBA-2024:11265 | High | CVSS 7.5
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.0 release.
🔗 CVE IDs covered (8)
📋 Description
- CVE-2024-21536 — http-proxy-middleware: Denial of Service
- CVE-2024-21538 — cross-spawn: regular expression denial of service
- CVE-2024-45296 — path-to-regexp: Backtracking regular expressions cause ReDoS
- CVE-2024-45590 — body-parser: Denial of Service Vulnerability in body-parser
- CVE-2024-45815 — plugin-catalog-backend: prototype pollution vulnerability
- CVE-2024-45816 — plugin-techdocs-backend: storage bucket directory traversal in TechDocs
- CVE-2024-46976 — plugin-techdocs-backend: circumvention of XSS protection in TechDocs
- CVE-2024-47762 — backstage/plugin-app-backend: Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
🔗 References (13)
- self: https://access.redhat.com/errata/RHBA-2024:11265
- external: https://developers.redhat.com/rhdh/overview
- external: https://docs.redhat.com/en/documentation/red_hat_developer_hub
- external: https://catalog.redhat.com/search?gs&searchType=containers&q=rhdh
- external: https://access.redhat.com/security/cve/CVE-2024-21536
- external: https://access.redhat.com/security/cve/CVE-2024-21538
- external: https://access.redhat.com/security/cve/CVE-2024-45296
- external: https://access.redhat.com/security/cve/CVE-2024-45590
- external: https://access.redhat.com/security/cve/CVE-2024-45815
- external: https://access.redhat.com/security/cve/CVE-2024-45816
- external: https://access.redhat.com/security/cve/CVE-2024-46976
- external: https://access.redhat.com/security/cve/CVE-2024-47762
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_11265.json