Описание
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 3 | io.cryostat-cryostat3 | Fix deferred | ||
| Cryostat 4 | io.cryostat-cryostat | Fix deferred | ||
| Migration Toolkit for Applications 7 | mta/mta-ui-rhel9 | Fix deferred | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-ui-rhel8 | Fix deferred | ||
| Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Fix deferred | ||
| OpenShift Lightspeed | openshift-lightspeed-tech-preview/lightspeed-console-plugin-rhel9 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-db-migration-rhel8 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Fix deferred | ||
| OpenShift Serverless | openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8 | Fix deferred |
Показывать по
10
Ссылки на источники
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-670
https://bugzilla.redhat.com/show_bug.cgi?id=2359627http-proxy-middleware: Always-Incorrect Control Flow Implementation in http-proxy-middleware
EPSS
Процентиль: 18%
0.00056
Низкий
4 Medium
CVSS3
Связанные уязвимости
CVSS3: 4
nvd
10 месяцев назад
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
CVSS3: 4
github
10 месяцев назад
http-proxy-middleware can call writeBody twice because "else if" is not used
EPSS
Процентиль: 18%
0.00056
Низкий
4 Medium
CVSS3