Описание
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 3 | io.cryostat-cryostat3 | Fix deferred | ||
| Cryostat 4 | io.cryostat-cryostat | Fix deferred | ||
| Migration Toolkit for Applications 7 | mta/mta-ui-rhel9 | Fix deferred | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-ui-rhel8 | Fix deferred | ||
| Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Fix deferred | ||
| OpenShift Lightspeed | openshift-lightspeed-tech-preview/lightspeed-console-plugin-rhel9 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-db-migration-rhel8 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Fix deferred | ||
| OpenShift Serverless | openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8 | Fix deferred |
Показывать по
10
Ссылки на источники
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-670
https://bugzilla.redhat.com/show_bug.cgi?id=2359627http-proxy-middleware: Always-Incorrect Control Flow Implementation in http-proxy-middleware
4 Medium
CVSS3
Связанные уязвимости
CVSS3: 4
nvd
5 месяцев назад
In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.
CVSS3: 4
github
5 месяцев назад
http-proxy-middleware can call writeBody twice because "else if" is not used
4 Medium
CVSS3