Описание
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Affected | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Affected | ||
| Confidential Compute Attestation | build-of-trustee/trustee-rhel9-operator | Affected | ||
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Affected | ||
| Deployment Validation Operator | dvo/deployment-validation-rhel8-operator | Affected | ||
| ExternalDNS Operator | edo/external-dns-rhel8 | Affected | ||
| ExternalDNS Operator | edo/external-dns-rhel9 | Affected | ||
| External Secrets Operator for Red Hat OpenShift | external-secrets-operator/external-secrets-rhel9 | Affected | ||
| Fence Agents Remediation Operator | workload-availability/fence-agents-remediation-rhel8-operator | Affected | ||
| Gatekeeper 3 | gatekeeper/gatekeeper-rhel9-operator | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
url.Parse insufficiently validated the host/authority component and ac ...
EPSS
7.5 High
CVSS3