Описание
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.
A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk "*".
Отчет
Goproxy is only susceptible to this vulnerability when used in MITM (Man In The Middle) mode. This use case is not relevant to any Red Hat products, so the impact is rated as Moderate.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Not affected | ||
| Cryostat 2 | cryostat-tech-preview/cryostat-rhel8-operator | Not affected | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Not affected | ||
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel8-operator | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel8 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel8-operator | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/lokistack-gateway-rhel9 | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.
goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.
goproxy v1.1 was discovered to contain an issue which can lead to a De ...
7.5 High
CVSS3