RHEA-2024:7870HighCVSS 7.5
Red Hat Enhancement Advisory: Red Hat OpenShift Pipelines Operator Bundle 1.16.0 release
🔗 CVE IDs covered (4)
📋 Description
CVE-2024-28863 — node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-29041 — express: cause malformed URLs to be evaluated CVE-2024-29180 — webpack-dev-middleware: lack of URL validation may lead to file leak CVE-2024-39338 — axios: axios: Server-Side Request Forgery
🔗 References (4)
- selfhttps://access.redhat.com/errata/RHEA-2024:7870
- externalhttps://docs.openshift.com/container-platform/4.14/cicd/pipelines/understanding-openshift-pipelines.html
- externalhttps://issues.redhat.com/browse/SRVKP-3933
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhea-2024_7870.json