Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: CNV v4.16.0
Affects Version/s: None
Component/s: Storage Platform
Labels:
- fabiand-testrun-set-fixversion

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
cnv-storage-technical-debt-4.16
Component Fix Version(s):
CNV v4.16.0.rhel9-1531
[QE] How to address?:
---
[QE] Why QE missed?:
---
Market:

Sprint:
Storage Core Sprint 250, Storage Core Sprint 251, Storage Core Sprint 252

Regression:
No

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

containerized-data-importer project contains high vulnerabilities [1] [2] "Cross-site Scripting (XSS)" in file ‎pkg/uploadproxy/uploadproxy.go in branch main

[1] https://app.snyk.io/org/red-hat-openshift-virtualisation/project/bbd8b130-b33c-4ae9-86b1-446c6aa39cf8#issue-c362a6f3-5a96-4503-9c09-7b35b350a70f
[2] https://app.snyk.io/org/red-hat-openshift-virtualisation/project/bbd8b130-b33c-4ae9-86b1-446c6aa39cf8#issue-72617398-cf22-4967-a011-2067df658b2e

is related to

CNV-36322 Tracker of SAST Issues

CNV-46672 [CWE-79] main - containerized-data-importer - ‎pkg/uploadproxy/uploadproxy.go - Cross-site Scripting (XSS)

ASSIGNED

links to

RHEA-2023:122979 OpenShift Virtualization 4.16.0 Images

mentioned on

Merge request - Updated US source to: f3028ca Escape user-controlled strings in uploadproxy to avoid XSS attacks (#3131)

(1 mentioned on)

Assignee:: Alvaro Romero

Reporter:: Karel Simon

QA Contact:: Dalia Frank

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Due:: 2024/01/07

Created:: 2023/12/07 12:59 PM

Updated:: 2024/08/20 9:03 AM

Resolved:: 2024/07/10 12:41 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates