RHEA-2021:0729MediumCVSS 7.5
Red Hat Enhancement Advisory: Red Hat Advanced Cluster Management for Kubernetes version 2.2 images
🔗 CVE IDs covered (8)
📋 Description
CVE-2020-10675 — golang-github-buger-jsonparser: infinite loop via a Delete call CVE-2020-15168 — node-fetch: size of data after fetch() JS thread leads to DoS CVE-2020-15184 — helm: Chart.yaml is not properly sanitized lead to injection of unwanted information into chart CVE-2020-15185 — helm: write access to the index file allows an attacker to inject bad chart into repository CVE-2020-15186 — helm: plugin names are not sanitized properly CVE-2020-15187 — helm: write access to the git repository or plugin archive causing causing a local execution attack CVE-2020-35381 — jsonparser: GET call can lead to a slice bounds out of range CVE-2020-35668 — redisgraph: NULL pointer dereference because it mishandles an unquoted string
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHEA-2021:0729
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1867467
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1891510
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1893876
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1896757
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1899147
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1913447
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1915503
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1924396
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_0729.json