Uploaded image for project: 'Service Binding'
  1. Service Binding
  2. APPSVC-1220

Fix CVE-2022-32149

    XMLWordPrintable

Details

    • False
    • None
    • False
    • Hide
      Before this update a security vulnerability CVE-2022-32149 was noted in Service Binding Operator. An attacker may have caused a denial of service by crafting an Accept-Language header which ParseAcceptLanguage would take significant time to parse. This update fixes the CVE-2022-32149 by updating golang.org/x/text package from v0.3.7 to v0.3.8.
      Show
      Before this update a security vulnerability CVE-2022-32149 was noted in Service Binding Operator. An attacker may have caused a denial of service by crafting an Accept-Language header which ParseAcceptLanguage would take significant time to parse. This update fixes the CVE-2022-32149 by updating golang.org/x/text package from v0.3.7 to v0.3.8.
    • AppSvc Sprint 226

    Description

      Description of problem:

      https://access.redhat.com/security/cve/CVE-2022-32149

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. <steps>

      Actual results:

      Expected results:

      Reproducibility (Always/Intermittent/Only Once):

      Build Details:

      Additional info:

      Documentation Requirement: Yes/No (needs-docs|upstream-docs / no-doc)

      Upstream: <Inputs/Requirement details>/ Not Applicable

      Downstream: <Type: Doc defect/More inputs to doc>/ Not Applicable

      Provide link to the relevant section
      Provide doc inputs and details required

      Release Notes Type: <New Feature/Enhancement/Known Issue/Bug
      fix/Breaking change/Deprecated Functionality/Technology Preview>

      Attachments

        Issue Links

          is documented by

          Task - Represents a small unit of work that is not end-user facing. RHDEVDOCS-4744 RN: Fix CVE-2022-32149

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              pmacik@redhat.com Pavel Macik
              pmacik@redhat.com Pavel Macik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: