Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.18 Bug Fix Update
🔗 CVE IDs covered (10)
📋 Description
CVE-2024-11831 — npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript CVE-2024-21536 — http-proxy-middleware: Denial of Service CVE-2024-21538 — cross-spawn: regular expression denial of service CVE-2024-29041 — express: cause malformed URLs to be evaluated CVE-2024-29180 — webpack-dev-middleware: lack of URL validation may lead to file leak CVE-2024-37890 — nodejs-ws: denial of service when handling a request with many HTTP headers CVE-2024-39249 — nodejs-async: Regular expression denial of service while parsing function in autoinject CVE-2024-45338 — golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html CVE-2024-45590 — body-parser: Denial of Service Vulnerability in body-parser CVE-2024-48910 — dompurify: DOMPurify vulnerable to tampering by prototype pollution
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2025:8551
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2270863
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2290901
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2292777
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2295035
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2311171
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2312579
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2319884
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2322949
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2324550
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2333122
- externalhttps://issues.redhat.com/browse/DFBUGS-2605
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8551.json