RHSA-2021:3851HighCVSS 8.1
Red Hat Security Advisory: Red Hat 3scale API Management 2.11.0 Release - Container Images
🔗 CVE IDs covered (5)
📋 Description
CVE-2020-8911 — aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang CVE-2020-8912 — aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang CVE-2021-3442 — RHOAM: XSS in 3scale at various places CVE-2021-3814 — 3scale: missing validation of access token CVE-2021-23017 — nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
🔗 References (6)
- selfhttps://access.redhat.com/errata/RHSA-2021:3851
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1869800
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1869801
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1930083
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3851.json