Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Affects Testing:

Testable
Automated:
No
Regression:
No
Target Release:

RHODS_2.4.0_GA
Test Blocker:
No
Test Coverage:

Pending
Watchlist Impact:
None
Git Pull Request:
https://github.com/red-hat-data-services/rhods-operator/pull/104
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Links:

Description of problem:

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol, Affecting github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/server package, versions <0.26.0

Prerequisites (if any, like setup, operators/versions):

Steps to Reproduce

<steps>

Actual results:

Expected results:

Reproducibility (Always/Intermittent/Only Once):

Build Details:

Fix : Upgrade `github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/server` to version 0.26.0 or higher.

Additional info: https://github.com/operator-framework/operator-lifecycle-manager/releases/tag/v0.25.0

links to

RHBA-2023:122672 RHODS 2.4 - Red Hat OpenShift Data Science

mentioned on

Merge request - Updated US source to: 99bd85a Merge pull request #104 from zdtsw-forking/go_uplift1

Assignee:: Wen Zhou

Reporter:: Mohammadi Iram

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2023/11/08 10:13 AM

Updated:: 2023/11/27 10:06 AM

Resolved:: 2023/11/27 10:06 AM