RHSA-2024:4631 | Severity: High | CVSS 8.8

Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.15.0 release

Published: July 18, 2024
Last Modified: May 23, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2022-3064 — go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
CVE-2022-21698 — prometheus/client_golang: Denial of service using InstrumentHandlerCounter
CVE-2022-28948 — golang-gopkg-yaml: crash when attempting to deserialize invalid input
CVE-2022-46175 — json5: Prototype Pollution in JSON5 via Parse Method
CVE-2023-6378 — logback: serialization vulnerability in logback receiver
CVE-2023-39325 — golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
CVE-2023-41080 — tomcat: Open Redirect vulnerability in FORM authentication
CVE-2023-44487 — HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
CVE-2023-45288 — golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
CVE-2023-45648 — tomcat: incorrectly parsed http trailer headers can cause request smuggling

🔗 References (15)