The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.

Reference:
https://github.com/Masterminds/vcs/pull/105
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078
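The argument-injection class described above, seen from the defending side: an added Go example, not code from the vcs package or from its fix. `hgArgs`, `checkOperand` and `ErrOptionLike` are hypothetical names, and the inputs in `main` are constructed. It builds an hg argument vector so that caller-supplied strings can only ever be positional operands.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrOptionLike marks a caller-supplied value that a command-line parser
// would treat as a flag instead of a positional operand.
var ErrOptionLike = errors.New("value begins with '-' and would be parsed as an option")

// checkOperand rejects empty values and values that start with '-'.
// Hypothetical helper for this example.
func checkOperand(v string) error {
	if v == "" {
		return errors.New("empty operand")
	}
	if strings.HasPrefix(v, "-") {
		return fmt.Errorf("%q: %w", v, ErrOptionLike)
	}
	return nil
}

// hgArgs builds the argument vector for a fixed hg subcommand followed by
// untrusted operands (remote URL, local path, revision). The subcommand is
// assumed to be a constant chosen by the calling code, never user input.
func hgArgs(subcommand string, operands ...string) ([]string, error) {
	args := []string{subcommand, "--"} // "--" ends option parsing
	for _, op := range operands {
		if err := checkOperand(op); err != nil {
			return nil, err
		}
		args = append(args, op)
	}
	return args, nil
}

func main() {
	// Constructed inputs: one ordinary remote, one that looks like a flag.
	for _, remote := range []string{"https://example.com/repo", "--flag=value"} {
		args, err := hgArgs("clone", remote, "/tmp/checkout")
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		// The slice would be handed to exec.Command("hg", args...); no shell is involved.
		fmt.Println("hg", strings.Join(args, " "))
	}
}
```

The `--` separator and the leading-dash check overlap on purpose: the separator stops the tool's option parsing, and the check fails early with an error that can be logged.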
Created golang-github-Masterminds-vcs tracking bugs for this issue: Affects: epel-7 [bug 2215329]
Created glide tracking bugs for this issue: Affects: epel-7 [bug 2215332]
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:4053 https://access.redhat.com/errata/RHSA-2023:4053
The customer has an OpenShift environment (uses CoreOS and in-place Ceph) and just completed the environment upgrade to 4.10.59. On the standalone servers, the customer is running either RHEL8.8 or RHEL7.9. The customer is impacted by vulnerability `CVE-2022-21235` and this bug. The customer wants to know when this bug will be fixed. Kindly assist.
Hi Team, Any timeline when this issue will be fixed?
Hi Team, Customer wants to know the timeline for when this issue will be fixed. Kindly assist. Thanks!
This issue has been addressed in the following products: Red Hat OpenStack Platform 17.1 Via RHSA-2023:4582 https://access.redhat.com/errata/RHSA-2023:4582
Hi Team, Customer uses CoreOS and in-place Ceph and just completed the environment upgrade to 4.10.59. On the standalone servers, the customer is running either RHEL8.8 or RHEL7.9. The customer is impacted by vulnerability `CVE-2022-21235` and this bug. The customer wants to know when this bug will be fixed. The customer has been waiting for feedback for a long time. Please assist.
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2023:4694 https://access.redhat.com/errata/RHSA-2023:4694