Description
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
A flaw was found in the got package for Node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket.
Report
As got is only a transitive dependency of a development dependency of kiali OpenShift Service Mesh as well as being removed in version 2.2+, this flaw will not be fixed at this time for the openshift-istio-kiali-rhel8-container.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Fix deferred | ||
.NET 6.0 on Red Hat Enterprise Linux | rh-dotnet60-dotnet | Affected | ||
OpenShift Developer Tools and Services | odo | Not affected | ||
OpenShift Service Mesh 2.0 | servicemesh-grafana | Will not fix | ||
OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8 | Will not fix | ||
OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | ||
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Not affected | ||
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Not affected | ||
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-ui-rhel8 | Not affected | ||
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-api-rhel8 | Not affected | ||
Additional information
Status:
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.