RHSA-2023:1428 | High | CVSS 8.8
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update
🔗 CVE IDs covered (8)
📋 Description
- CVE-2020-36567 — gin: Unsanitized input in the default logger in github.com/gin-gonic/gin
- CVE-2022-24999 — express: "qs" prototype poisoning causes the hang of the node process
- CVE-2022-25881 — http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
- CVE-2022-25927 — ua-parser-js: ReDoS vulnerability via the trim() function
- CVE-2022-37603 — loader-utils: Regular expression denial of service
- CVE-2022-38900 — decode-uri-component: improper input validation resulting in DoS
- CVE-2022-46175 — json5: Prototype Pollution in JSON5 via Parse Method
- CVE-2022-48285 — jszip: directory traversal via a crafted ZIP archive
🔗 References (18)
- self: https://access.redhat.com/errata/RHSA-2023:1428
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2140597
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2143389
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2150323
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2152149
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2156263
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2156683
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2163485
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2165020
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2165797
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2165824
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2170644
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2173742
- external: https://issues.redhat.com/browse/MIG-1298
- external: https://issues.redhat.com/browse/MIG-1315
- external: https://issues.redhat.com/browse/MIG-1318
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1428.json