RHSA-2024:6667HighCVSS 8.8

Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release

Published
September 12, 2024
Last Modified
June 28, 2026

🔗 CVE IDs covered (7)

📋 Description

CVE-2021-0341 — okhttp: information disclosure via improperly used cryptographic function CVE-2023-3635 — okio: GzipSource class improper exception handling CVE-2024-6345 — pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools CVE-2024-22234 — spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated CVE-2024-30260 — nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline CVE-2024-30261 — nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect CVE-2024-39338 — axios: axios: Server-Side Request Forgery

🔗 References (4)