gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:4825 https://access.redhat.com/errata/RHSA-2024:4825
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:4702 https://access.redhat.com/errata/RHSA-2024:4702
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:4858 https://access.redhat.com/errata/RHSA-2024:4858
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:4848 https://access.redhat.com/errata/RHSA-2024:4848
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:4963 https://access.redhat.com/errata/RHSA-2024:4963
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:5194 https://access.redhat.com/errata/RHSA-2024:5194
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5258 https://access.redhat.com/errata/RHSA-2024:5258
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:5202 https://access.redhat.com/errata/RHSA-2024:5202
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:5634 https://access.redhat.com/errata/RHSA-2024:5634
This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.4 Via RHSA-2024:6054 https://access.redhat.com/errata/RHSA-2024:6054
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:6194 https://access.redhat.com/errata/RHSA-2024:6194