  1. Red Hat Advanced Cluster Management
  2. ACM-25564

CVE-2020-26160 & CVE-2024-27304


    • Bug
    • Resolution: Done
    • Critical
    • None
    • None
    • Maestro
    • ACM Maestro Train-33
    • Critical
    • None

      Description of problem:

       

      ┌─────────────────────────────┬────────────────┬──────────┬──────────┬─────────────────────┬───────────────┬───────────────────────────────────────────────────────┐
      │ Library                     │ Vulnerability  │ Severity │ Status   │ Installed Version   │ Fixed Version │ Title                                                 │
      ├─────────────────────────────┼────────────────┼──────────┼──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────────────────┤
      │ github.com/dgrijalva/jwt-go │ CVE-2020-26160 │ HIGH     │ affected │ v3.2.0+incompatible │               │ jwt-go: access restriction bypass vulnerability       │
      │                             │                │          │          │                     │               │ https://avd.aquasec.com/nvd/cve-2020-26160            │
      ├─────────────────────────────┼────────────────┤          ├──────────┼─────────────────────┼───────────────┼───────────────────────────────────────────────────────┤
      │ github.com/jackc/pgx/v5     │ CVE-2024-27304 │          │ fixed    │ v5.3.0              │ 5.5.4         │ pgx: SQL Injection via Protocol Message Size Overflow │
      │                             │                │          │          │                     │               │ https://avd.aquasec.com/nvd/cve-2024-27304            │
      └─────────────────────────────┴────────────────┴──────────┴──────────┴─────────────────────┴───────────────┴───────────────────────────────────────────────────────┘

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1.  
      2.  
      3. ...

      Actual results:

      Expected results:

      Additional info:

              clyang82 Chunlin Yang