The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

https://go.dev/cl/569356
https://pkg.go.dev/vuln/GO-2024-2611
Update: A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown option is set (as well as when unmarshaling into any message which contains a google.protobuf.Any). There is no UnmarshalUnknown option.

In addition, version 1.33.0 of google.golang.org/protobuf inadvertently introduced an incompatibility with the older github.com/golang/protobuf module. (https://github.com/golang/protobuf/issues/1596) Users of the older module should update to github.com/golang/prot....4.

- Damien, apologetically on behalf of the Go team.

comment 0 and doctext updated for the same.
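A triage check for the condition described above, as an added example that is not part of this bug report or the Go project's code: it reads go.mod text and flags a google.golang.org/protobuf requirement that sorts before v1.33.0. Treating v1.33.0 as the first fixed release is an assumption, and CheckGoMod, isBelowFix and the sample input are illustrative names and constructed data.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumption: v1.33.0 is the first fixed release of this module.
const module = "google.golang.org/protobuf"
var fixedVersion = [3]int{1, 33, 0}

// isBelowFix reports whether v sorts before fixedVersion under semver rules.
func isBelowFix(v string) (below, ok bool) {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop build metadata
	core, _, pre := strings.Cut(v, "-")
	var got [3]int
	if n, _ := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); n != 3 {
		return false, false
	}
	for i := range got {
		if got[i] != fixedVersion[i] {
			return got[i] < fixedVersion[i], true
		}
	}
	return pre, true // same core: a pre-release or pseudo-version precedes the release
}

// CheckGoMod finds the module's require line (replace directives are not followed).
func CheckGoMod(goMod string) (version string, vulnerable, found bool) {
	inRequire := false
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // strip comments such as "// indirect"
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inRequire = true
		case len(f) == 1 && f[0] == ")":
			inRequire = false
		case len(f) == 3 && f[0] == "require" && f[1] == module,
			inRequire && len(f) == 2 && f[0] == module:
			below, ok := isBelowFix(f[len(f)-1])
			return f[len(f)-1], below || !ok, true // unparsable versions are flagged
		}
	}
	return "", false, false
}

func main() {
	fmt.Println(CheckGoMod("require google.golang.org/protobuf v1.32.0\n")) // constructed sample
}
```

Because replace directives and the build list are not resolved here, `go list -m google.golang.org/protobuf` in the module directory remains the authoritative answer for the version actually built.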
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1363 https://access.redhat.com/errata/RHSA-2024:1363
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:1362 https://access.redhat.com/errata/RHSA-2024:1362
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:1456 https://access.redhat.com/errata/RHSA-2024:1456
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:1461 https://access.redhat.com/errata/RHSA-2024:1461
This issue has been addressed in the following products: RHOL-5.6-RHEL-8 Via RHSA-2024:1507 https://access.redhat.com/errata/RHSA-2024:1507
This issue has been addressed in the following products: RHOL-5.7-RHEL-8 Via RHSA-2024:1508 https://access.redhat.com/errata/RHSA-2024:1508
This issue has been addressed in the following products: RHOL-5.8-RHEL-9 Via RHSA-2024:1474 https://access.redhat.com/errata/RHSA-2024:1474
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:1537 https://access.redhat.com/errata/RHSA-2024:1537
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:1538 https://access.redhat.com/errata/RHSA-2024:1538
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1559 https://access.redhat.com/errata/RHSA-2024:1559
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1563 https://access.redhat.com/errata/RHSA-2024:1563
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:1574 https://access.redhat.com/errata/RHSA-2024:1574
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8 Via RHSA-2024:1665 https://access.redhat.com/errata/RHSA-2024:1665
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9 Via RHSA-2024:1795 https://access.redhat.com/errata/RHSA-2024:1795
This issue has been addressed in the following products: OADP-1.3-RHEL-9 Via RHSA-2024:1859 https://access.redhat.com/errata/RHSA-2024:1859
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:1874 https://access.redhat.com/errata/RHSA-2024:1874
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.8 Via RHSA-2024:1925 https://access.redhat.com/errata/RHSA-2024:1925
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2549 https://access.redhat.com/errata/RHSA-2024:2549
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2024:2639 https://access.redhat.com/errata/RHSA-2024:2639