  1. Service Binding
  2. APPSVC-1220

Fix CVE-2022-32149


    • Before this update, a security vulnerability, CVE-2022-32149, was noted in Service Binding Operator. An attacker may have caused a denial of service by crafting an Accept-Language header which ParseAcceptLanguage would take significant time to parse. This update fixes CVE-2022-32149 by updating the golang.org/x/text package from v0.3.7 to v0.3.8.
    • AppSvc Sprint 226

      Description of problem:

      https://access.redhat.com/security/cve/CVE-2022-32149


              pmacik@redhat.com Pavel Macik