Bug 2294193
| Summary: | CVE-2024-37890 [Clone to 4.14] CVE-2024-37890 mcg-core-container: nodejs-ws: denial of service when handling a request with many HTTP headers [openshift-data-foundation-4] | |||
|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat OpenShift Data Foundation | Reporter: | Liran Mauda <lmauda> | |
| Component: | Multi-Cloud Object Gateway | Assignee: | Liran Mauda <lmauda> | |
| Status: | CLOSED ERRATA | QA Contact: | Uday kurundwade <ukurundw> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 4.14 | CC: | amctagga, asriram, kramdoss, lmauda, odf-bz-bot, rgatica, sheggodu | |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking | |
| Target Release: | ODF 4.14.10 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | component:mcg-core-container | |||
| Fixed In Version: | 4.14.10-2 | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | 2294192 | |||
| : | 2294194 (view as bug list) | Environment: | ||
| Last Closed: | 2024-09-05 05:42:13 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 2292783, 2294192 | |||
| Bug Blocks: | 2292777, 2294194 | |||
| Deadline: | 2024-08-16 | |||
|
Description
Liran Mauda
2024-06-25 10:08:09 UTC
Please backport the fix to ODF-4.14 and update the RDT flag/text appropriately. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenShift Data Foundation 4.14.10 Bug Fix Update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2024:6398 |