2294193 – CVE-2024-37890 [Clone to 4.14] CVE-2024-37890 mcg-core-container: nodejs-ws: denial of service when handling a request with many HTTP headers [openshift-data-foundation-4]

Bug 2294193 - CVE-2024-37890 [Clone to 4.14] CVE-2024-37890 mcg-core-container: nodejs-ws: denial of service when handling a request with many HTTP headers [openshift-data-foundation-4]

Summary: CVE-2024-37890 [Clone to 4.14] CVE-2024-37890 mcg-core-container: nodejs-ws: ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Deadline:	2024-08-16
Product:	Red Hat OpenShift Data Foundation
Classification:	Red Hat Storage
Component:	Multi-Cloud Object Gateway
Sub Component:
Version:	4.14
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	ODF 4.14.10
Assignee:	Liran Mauda
QA Contact:	Uday kurundwade
Docs Contact:
URL:
Whiteboard:	component:mcg-core-container
Depends On:	2292783 2294192
Blocks:	CVE-2024-37890 2294194
TreeView+	depends on / blocked

Reported:	2024-06-25 10:08 UTC by Liran Mauda
Modified:	2024-09-05 05:42 UTC (History)
CC List:	7 users (show)
Fixed In Version:	4.14.10-2
Doc Type:	No Doc Update
Doc Text:
Clone Of:	2294192
Clones:	2294194 (view as bug list)
Environment:
Last Closed:	2024-09-05 05:42:13 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	noobaa noobaa-core pull 8154	None	Merged	Bump ws from 8.17.0 to 8.17.1	2024-06-25 10:13:42 UTC
Github	noobaa noobaa-core pull 8250	None	open	[Backport into 5.14] Bump ws from 8.14.2 to 8.17.1	2024-07-31 06:10:06 UTC
Red Hat Issue Tracker	OCSBZM-8571	None	None	None	2024-07-25 11:25:42 UTC
Red Hat Product Errata	RHBA-2024:6398	None	None	None	2024-09-05 05:42:38 UTC

Description Liran Mauda 2024-06-25 10:08:09 UTC

+++ This bug was initially created as a clone of Bug #2294192 +++

Comment 4 Sunil Kumar Acharya 2024-07-25 12:41:49 UTC

Please backport the fix to ODF-4.14 and update the RDT flag/text appropriately.

Comment 15 errata-xmlrpc 2024-09-05 05:42:13 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenShift Data Foundation 4.14.10 Bug Fix Update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:6398

Note You need to log in before you can comment on or make changes to this bug.