RHEL8 has shipped on 18 October 2023 "nodejs:16" security update RHSA with fix for "Important" "Major Incident" CVE = RHSA-2023:5850 - Security Advisory (RHEL8) == https://access.redhat.com/errata/RHSA-2023:5850 = CVE-2023-44487 == https://access.redhat.com/security/cve/CVE-2023-44487 = RPM Errata == https://errata.engineering.redhat.com/advisory/122019 = Impacts mcg-core-container image at ODF The CVE that initiated this rebuild is a "Major Incident" [1]. It needs to be treated like a critical CVE and the impacted image must be updated as soon as possible, within 7 calendar days (i.e. by Oct-25).
Verified with OCP 4.12 and odf-operator.v4.12.9 noobaa core container nodejs-16.20.2-3.module+el8.8.0+20386+0b1f3093.x86_64 The respective nodejs rpm version matches with one mentioned in https://access.redhat.com/errata/RHSA-2023:5850, hence closing the bug
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenShift Data Foundation 4.12.9 Bug Fix Update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:6169