RHSA-2024:8676 | High | CVSS 7.5

Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update

Published: October 30, 2024
Last Modified: May 26, 2026

🔗 CVE IDs covered (12)

📋 Description

CVE-2023-26136 — tough-cookie: prototype pollution in cookie memstore
CVE-2023-26364 — css-tools: Improper Input Validation causes Denial of Service via Regular Expression
CVE-2024-24786 — golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
CVE-2024-24789 — golang: archive/zip: Incorrect handling of certain ZIP files
CVE-2024-28176 — jose: resource exhaustion
CVE-2024-41818 — fast-xml-parser: ReDOS at currency parsing in currency.js
CVE-2024-43788 — webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule
CVE-2024-43796 — express: Improper Input Handling in Express Redirects
CVE-2024-43799 — send: Code Execution Vulnerability in Send Library
CVE-2024-43800 — serve-static: Improper Sanitization in serve-static
CVE-2024-45296 — path-to-regexp: Backtracking regular expressions cause ReDoS
CVE-2024-45590 — body-parser: Denial of Service Vulnerability in body-parser

🔗 References (132)