-
Bug
-
Resolution: Done-Errata
-
Major
-
Testable
-
Pending
-
Description of problem: The CVE-2023-44487 vulnerability was identified on October 10th and is already public, affecting a wide range of Red Hat products. The CVE page identifies only one RHODS component (odh-mm-rest-proxy-container) as affected; we have compiled a Google spreadsheet of all affected and non-affected components here: https://docs.google.com/spreadsheets/d/14ilQISublVbxW_DKWxJa6XAmue0HpnAyqd5mswcsBns/edit?usp=
Build Details: Even though only one RHODS component was found to be impacted, we need the following z-stream fixes:
1.32.2 - for IBM
1.33.1 - for all customers
We also need to add this fix to the 1.34 release
Workaround:
Additional info:
Security Tracker issue for golang https://issues.redhat.com/browse/RHEL-12618
CVE-2023-44487 and CVE-2023-39325 - Major Incident Doc https://docs.google.com/document/d/16KYdW78IixxJBGTbNVY5ALJSW7BihAsBT0S81Nh-jws/edit#heading=h.33qzjodktpu
Advisory for rpm go-toolset with the fix shipped https://errata.devel.redhat.com/advisory/121960
Advisory for go-toolset container image https://errata.devel.redhat.com/advisory/122141
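As an added check that is not part of this issue or of the RHODS project's own tooling: the Go program below reads the build metadata embedded in a Go executable (the same data `go version -m` prints) and reports whether the binary was built with a toolchain, and a golang.org/x/net module, that carry the Rapid Reset fix. The fixed-in versions it compares against (go1.20.10, go1.21.3 and golang.org/x/net v0.17.0, from the upstream Go security release for CVE-2023-39325) are assumptions taken from upstream, not figures stated on this page, and the function and type names are the example's own.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"regexp"
	"strconv"
	"strings"
)

// Fixed-in versions from the upstream Go security release for CVE-2023-39325
// (Go's server-side fix for HTTP/2 Rapid Reset, CVE-2023-44487). These numbers
// are an assumption taken from upstream, not from the bug page.
var fixedGoPatch = map[string]int{"1.20": 10, "1.21": 3} // go1.20.10, go1.21.3
const fixedXNet = "v0.17.0"                               // golang.org/x/net

var goVerRe = regexp.MustCompile(`^go(\d+)\.(\d+)(?:\.(\d+))?`)

// Finding is the assessment for one binary.
type Finding struct {
	GoVersion   string
	XNetVersion string // "" when golang.org/x/net is not linked in
	Vulnerable  bool
	Reasons     []string
}

// goToolchainFixed reports whether a toolchain version string such as
// "go1.21.3" carries the net/http fix. Pre-releases ("go1.21rc1"), "devel"
// builds and minors older than 1.20 are treated as unpatched.
func goToolchainFixed(v string) bool {
	m := goVerRe.FindStringSubmatch(v)
	if m == nil || v[len(m[0]):] != "" {
		return false
	}
	major, _ := strconv.Atoi(m[1])
	minor, _ := strconv.Atoi(m[2])
	patch, _ := strconv.Atoi(m[3]) // "" parses as 0; the error is irrelevant here
	if major != 1 {
		return major > 1
	}
	need, ok := fixedGoPatch[fmt.Sprintf("%d.%d", major, minor)]
	if !ok {
		return minor > 21 // later minors shipped with the fix; older ones never got it
	}
	return patch >= need
}

// semverAtLeast compares two vX.Y.Z strings; pre-release and pseudo-version
// suffixes ("-20230905-abcdef") are dropped, which is conservative for x/net.
func semverAtLeast(have, want string) bool {
	parse := func(s string) ([3]int, bool) {
		s = strings.TrimPrefix(s, "v")
		if i := strings.IndexAny(s, "-+"); i >= 0 {
			s = s[:i]
		}
		parts := strings.Split(s, ".")
		if len(parts) != 3 {
			return [3]int{}, false
		}
		var out [3]int
		for i, p := range parts {
			n, err := strconv.Atoi(p)
			if err != nil {
				return [3]int{}, false
			}
			out[i] = n
		}
		return out, true
	}
	h, ok1 := parse(have)
	w, ok2 := parse(want)
	if !ok1 || !ok2 {
		return false
	}
	for i := 0; i < 3; i++ {
		if h[i] != w[i] {
			return h[i] > w[i]
		}
	}
	return true
}

// Assess combines the toolchain and x/net checks. An old golang.org/x/net is
// flagged conservatively: build info lists modules, not linked packages, so a
// binary may carry x/net without serving HTTP/2 through x/net/http2.
func Assess(goVersion, xnetVersion string) Finding {
	f := Finding{GoVersion: goVersion, XNetVersion: xnetVersion}
	if !goToolchainFixed(goVersion) {
		f.Vulnerable = true
		f.Reasons = append(f.Reasons, "toolchain "+goVersion+" predates the net/http fix")
	}
	if xnetVersion != "" && !semverAtLeast(xnetVersion, fixedXNet) {
		f.Vulnerable = true
		f.Reasons = append(f.Reasons, "golang.org/x/net "+xnetVersion+" is older than "+fixedXNet)
	}
	return f
}

// AssessBinary reads the build metadata embedded in a Go executable and
// assesses it; a replace directive on x/net is honoured.
func AssessBinary(path string) (Finding, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return Finding{}, err
	}
	xnet := ""
	for _, d := range bi.Deps {
		if d.Path == "golang.org/x/net" {
			if d.Replace != nil {
				d = d.Replace
			}
			xnet = d.Version
		}
	}
	return Assess(bi.GoVersion, xnet), nil
}

func main() {
	// Usage: go run . /path/to/binary ... (e.g. files extracted from a container image)
	for _, p := range os.Args[1:] {
		f, err := AssessBinary(p)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", p, err)
			continue
		}
		status := "fixed"
		if f.Vulnerable {
			status = "VULNERABLE: " + strings.Join(f.Reasons, "; ")
		}
		fmt.Printf("%s\tgo=%s\tx/net=%s\t%s\n", p, f.GoVersion, f.XNetVersion, status)
	}
}
```

Run it against the Go binaries extracted from each component image (for example after `oc image extract` or `podman cp`), and treat the result as a triage input rather than a verdict: the issue is server-side only, so a client-only binary flagged for an old x/net is a false positive, and a binary that was rebuilt on the fixed go-toolset but still vendors an old golang.org/x/net and serves HTTP/2 through x/net/http2 is still exposed even though the toolchain check passes.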
-
Links to: RHBA-2023:121935 RHODS 1.32.2 - Red Hat OpenShift Data Science