HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125
This issue has been addressed in the following products:

  Red Hat OpenShift Security Profiles Operator stable on RHEL-8
  Red Hat OpenShift Security Profiles Operator stable on RHEL-9

Via RHSA-2023:2029 https://access.redhat.com/errata/RHSA-2023:2029
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0475
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006