Bug 2294194 - CVE-2024-37890 [Clone to 4.13] CVE-2024-37890 mcg-core-container: nodejs-ws: denial of service when handling a request with many HTTP headers [openshift-data-foundation-4]
Summary: CVE-2024-37890 [Clone to 4.13] CVE-2024-37890 mcg-core-container: nodejs-ws: ...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Deadline: 2024-08-16
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: Multi-Cloud Object Gateway
Version: 4.13
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: ODF 4.13.11
Assignee: Liran Mauda
QA Contact: krishnaram Karthick
URL:
Whiteboard: component:mcg-core-container
Depends On: 2292783 2294192 2294193
Blocks: CVE-2024-37890
Reported: 2024-06-25 10:11 UTC by Liran Mauda
Modified: 2024-08-06 06:09 UTC

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of: 2294193
Environment:
Last Closed: 2024-08-05 08:11:05 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | noobaa noobaa-core pull 8154 | 0 | None | Merged | Bump ws from 8.17.0 to 8.17.1 | 2024-06-25 10:13:21 UTC
Red Hat Issue Tracker | OCSBZM-8572 | 0 | None | None | None | 2024-07-25 12:15:26 UTC

Description Liran Mauda 2024-06-25 10:11:23 UTC
+++ This bug was initially created as a clone of Bug #2294193 +++

Comment 4 Sunil Kumar Acharya 2024-07-25 12:43:07 UTC
Please backport the fix to ODF-4.13 and update the RDT flag/text appropriately.

