A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method. https://github.com/advisories/GHSA-fwr7-v2mv-hh25
Created breeze-icon-theme tracking bugs for this issue: Affects: epel-8 [bug 2126995] Affects: fedora-all [bug 2126997] Created cockatrice tracking bugs for this issue: Affects: fedora-all [bug 2126998] Created couchdb tracking bugs for this issue: Affects: fedora-all [bug 2126999] Created golang-entgo-ent tracking bugs for this issue: Affects: fedora-all [bug 2127000] Created golang-github-prometheus tracking bugs for this issue: Affects: epel-7 [bug 2126993] Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2127001] Created mozjs68 tracking bugs for this issue: Affects: fedora-all [bug 2127002] Created mozjs78 tracking bugs for this issue: Affects: fedora-all [bug 2127003] Created nodejs tracking bugs for this issue: Affects: epel-7 [bug 2126994] Affects: fedora-all [bug 2127004] Created python-engineio tracking bugs for this issue: Affects: fedora-all [bug 2127005] Created seamonkey tracking bugs for this issue: Affects: epel-8 [bug 2126996] Affects: fedora-all [bug 2127006] Created workrave tracking bugs for this issue: Affects: fedora-all [bug 2127007] Created yarnpkg tracking bugs for this issue: Affects: fedora-all [bug 2127008] Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2127009]
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-43138
This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.2 for RHEL 8 Via RHSA-2023:3645 https://access.redhat.com/errata/RHSA-2023:3645