OpenShift Bugs / OCPBUGS-1764

Potential DoS in message-parser in Bare Metal Event Relay

    • Low
    • None
    • CNF RAN Sprint 225
    • 1
    • False
      There are a couple of Dependabot alerts on GitHub for hw-event-proxy regarding message-parser.

      https://github.com/redhat-cne/hw-event-proxy/security/dependabot/4

      https://github.com/redhat-cne/hw-event-proxy/security/dependabot/5

      The Python library protobuf needs to be upgraded to version 3.20.2 or later. For example:
      protobuf>=3.20.2

      Since the message-parser app is not exposed outside of the hw-event-proxy pod, it is not vulnerable to any direct DoS attacks. As such, there is no need to fix the previous release. A fix in the current release to remove the GitHub warnings should be sufficient.

              jacding@redhat.com Jack Ding
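
A check that a requirements file enforces the protobuf floor requested in the description, as an added example that is not part of the ticket or of hw-event-proxy's code. The function names and the sample requirement lines are constructed for illustration, and specifier handling is simplified to plain release numbers (no markers, pre-releases or wildcards).

```python
import re

PROTOBUF_FLOOR = (3, 20, 2)  # floor the ticket asks for: protobuf>=3.20.2
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_SPEC = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)")

# Constructed sample input, not the project's real requirements file.
SAMPLE = """\
# constructed sample
grpcio>=1.40
protobuf==3.19.4
protobuf>=3.15,<4
protobuf
protobuf>=3.20.2
protobuf~=3.20.3   # compatible release
"""

def _version(text):
    """Turn '3.20' into (3, 20, 0) so releases compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def lowest_allowed(spec):
    """Lowest release a specifier string admits, or None if unbounded below."""
    floor = None
    for op, ver in _SPEC.findall(spec):
        v = _version(ver)
        if op in ("==", "===", ">=", "~="):
            candidate = v
        elif op == ">":
            candidate = v[:-1] + (v[-1] + 1,)  # next patch release (simplification)
        else:
            continue  # <, <= and != set no lower bound
        floor = candidate if floor is None else max(floor, candidate)
    return floor

def check_requirements(text, package="protobuf", floor=PROTOBUF_FLOOR):
    """Return (line_no, line, reason) for entries that admit a release below floor."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = _REQ.match(raw)
        if not m or m.group(1).lower().replace("_", "-") != package:
            continue
        low = lowest_allowed(m.group(2))
        if low is None:
            findings.append((n, raw.strip(), "no lower bound"))
        elif low < floor:
            findings.append((n, raw.strip(), "lower bound %s is below floor" % ".".join(map(str, low))))
    return findings
```

Run against a repository's requirements files in CI, a non-empty result means some entry still lets the resolver pick a release older than the floor.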