Описание
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 3 | send | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-view-plugin-rhel9 | Not affected | ||
| Migration Toolkit for Applications 7 | mta/mta-cli-rhel9 | Will not fix | ||
| Migration Toolkit for Applications 7 | mta/mta-ui-rhel9 | Will not fix | ||
| Migration Toolkit for Runtimes | send | Will not fix | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/console-mce-rhel8 | Not affected | ||
| Node HealthCheck Operator | workload-availability/node-remediation-console-rhel8 | Will not fix | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-console-plugin-rhel8 | Will not fix | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS3
Связанные уязвимости
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
send vulnerable to template injection that can lead to XSS
Send is a library for streaming files from the file system as a http r ...
send vulnerable to template injection that can lead to XSS
EPSS
5 Medium
CVSS3