OCPBUGS-38376 (OpenShift Bugs)

snyk: google.golang.org/grpc/metadata [4.16]

    • Critical
    • None
    • Rejected
    • False
    • Release Note Not Required
    • In Progress

      This is a clone of issue OCPBUGS-38375. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-37782. The following is the description of the original issue:

      Description of problem:

          ci/prow/security is failing on google.golang.org/grpc/metadata

      Version-Release number of selected component (if applicable):

          4.15

      How reproducible:

      always    

      Steps to Reproduce:

          1. Run the ci/prow/security job on a 4.15 PR
          2.
          3.
          

      Actual results:

          Medium severity vulnerability found in google.golang.org/grpc/metadata

      Expected results:

          

      Additional info:

       


            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (OpenShift Container Platform 4.16.11 bug fix update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHBA-2024:6401


            Jeff Yuan added a comment -

            Hello, while doing the gap analysis for OCP 4.16, I found this bug. Does anybody know where I can find more details about the issue and CVE-2024-30951? I can just see one sentence on that page, which seems related to PHP, but why is the fix to upgrade to google.golang.org/grpc v1.65.0? Is it affecting all lower versions of grpc? What's the symptom? Thanks in advance!

            "FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php."


              jstuever@redhat.com Jeremiah Stuever
              openshift-crt-jira-prow OpenShift Prow Bot
              Jianping Shu Jianping Shu