Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-5184

OSSM 2.4.5 (Pre Stage): CVEs

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • Envoy
    • None

      List and confirm all CVEs that will be fixed in OSSM x.y.z.

      2.2.12:

      OSSM-4950 CVE-2023-44487 openshift-istio-proxyv2-rhel8-container: envoy: Denial of service when using HTTP/2 protocol

      OSSM-5018 CVE-2023-39325 openshift-istio-prometheus-rhel8-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 

      OSSM-5006 ] CVE-2023-39325 openshift-istio-cni-rhel8-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

      2.3.9:

      2.4.5:

      OSSM-4614 CVE-2023-3978 openshift-istio-cni-rhel8-container: golang.org/x/net/html: Cross site scripting

              rh-ee-mamyers Mayleigh Tjapkes
              tsze@redhat.com To Hung Sze
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: