RHSA-2022:6156HighCVSS 9.3

Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update

Published
August 24, 2022
Last Modified
June 29, 2026

🔗 CVE IDs covered (19)

📋 Description

CVE-2021-23440 — nodejs-set-value: type confusion allows bypass of CVE-2019-10747 CVE-2021-23566 — nanoid: Information disclosure via valueOf() function CVE-2022-0235 — node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0536 — follow-redirects: Exposure of Sensitive Information via Authorization Header leak CVE-2022-1650 — eventsource: Exposure of Sensitive Information CVE-2022-21698 — prometheus/client_golang: Denial of service using InstrumentHandlerCounter CVE-2022-23772 — golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString CVE-2022-23773 — golang: cmd/go: misinterpretation of branch names can lead to incorrect access control CVE-2022-23806 — golang: crypto/elliptic: IsOnCurve returns true for invalid field elements CVE-2022-24675 — golang: encoding/pem: fix stack overflow in Decode CVE-2022-24771 — node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery CVE-2022-24772 — node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery CVE-2022-24773 — node-forge: Signature verification leniency in checking DigestInfo structure CVE-2022-24785 — Moment.js: Path traversal in moment.locale CVE-2022-24921 — golang: regexp: stack exhaustion via a deeply nested expression CVE-2022-28327 — golang: crypto/elliptic: panic caused by oversized scalar CVE-2022-29526 — golang: syscall: faccessat checks wrong group CVE-2022-29810 — go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses CVE-2022-31129 — moment: inefficient parsing algorithm resulting in DoS

🔗 References (139)