RHSA-2022:8250MediumCVSS 7.5
Red Hat Security Advisory: grafana-pcp security update
🔗 CVE IDs covered (6)
📋 Description
CVE-2022-1705 — golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-30630 — golang: io/fs: stack exhaustion in Glob CVE-2022-30631 — golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30632 — golang: path/filepath: stack exhaustion in Glob CVE-2022-30635 — golang: encoding/gob: stack exhaustion in Decoder.Decode CVE-2022-32148 — golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2022:8250
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107342
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107371
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107374
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107383
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107386
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2107388
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8250.json