Component Upgrade
Resolution: Done
Major
7.13.2.GA, IBM BAMOE 8.0.2.GA
CR1
2023 Week 09-11 (from Feb 27), 2023 Week 12-14 (from Mar 20), 2023 Week 15-17 (from Apr 10)
There are a few security issues reported by GitHub; today we have 12 alerts:
https://github.com/kiegroup/kie-cloud-operator/security/dependabot
- CVE-2022-32149: Denial of service in golang.org/x/text/language - High
- CVE-2022-27664: golang.org/x/net/http2 Denial of Service vulnerability - High
- CVE-2021-43565: x/crypto/ssh vulnerable to panic via SSH server - High
- CVE-2022-27191: Use of a Broken or Risky Cryptographic Algorithm in golang.org/x/crypto/ssh - High
- CVE-2022-21698: Uncontrolled Resource Consumption in promhttp - High
- CVE-2020-36067: Improper Validation of Array Index in GJSON - High
- CVE-2021-42248: ReDoS via crafted JSON input in GJSON - High
- CVE-2020-36066: Denial of service - High
- CVE-2020-35380: Denial of service in GJSON - High
- CVE-2021-42836: regular expression denial of service in gjson - High
- CVE-2021-20329: Improper Validation of Specified Type of Input - Moderate
- CVE-2022-41723: Uncontrolled Resource Consumption - Low