Not all valid JavaScript whitespace characters were considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Created golang tracking bugs for this issue:
Affects: epel-all [bug 2196629]
Affects: fedora-all [bug 2196630]
Anten, is there a link to the upstream report? It's not clear from the description here in bugzilla how to reproduce the problem so I can't tell if MicroShift is actually affected.
References:
https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
Go issue https://go.dev/issue/59721
Commits:
https://github.com/golang/go/commit/a32232cb18ed07496ec77c1cf2dcefa1cb0ac057 [Master]
https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 [release-branch.go1.19]
https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 [release-branch.go1.20]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3318 https://access.redhat.com/errata/RHSA-2023:3318
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:3319 https://access.redhat.com/errata/RHSA-2023:3319
This issue has been addressed in the following products: Red Hat Developer Tools Via RHSA-2023:3323 https://access.redhat.com/errata/RHSA-2023:3323
This issue has been addressed in the following products: RHACS-3.73-RHEL-8 Via RHSA-2023:3379 https://access.redhat.com/errata/RHSA-2023:3379
This issue has been addressed in the following products: RHACS-4.0-RHEL-8 Via RHSA-2023:3415 https://access.redhat.com/errata/RHSA-2023:3415
This issue has been addressed in the following products: RHACS-3.74-RHEL-8 Via RHSA-2023:3435 https://access.redhat.com/errata/RHSA-2023:3435
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2023:3445 https://access.redhat.com/errata/RHSA-2023:3445
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:3367 https://access.redhat.com/errata/RHSA-2023:3367
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:3366 https://access.redhat.com/errata/RHSA-2023:3366
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:3410 https://access.redhat.com/errata/RHSA-2023:3410
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:3409 https://access.redhat.com/errata/RHSA-2023:3409
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:3545 https://access.redhat.com/errata/RHSA-2023:3545
This issue has been addressed in the following products: Red Hat Migration Toolkit for Containers 1.7 Via RHSA-2023:3624 https://access.redhat.com/errata/RHSA-2023:3624
This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.4 for RHEL 8 Via RHSA-2023:3644 https://access.redhat.com/errata/RHSA-2023:3644
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:3612 https://access.redhat.com/errata/RHSA-2023:3612
This issue has been addressed in the following products: NETWORK-OBSERVABILITY-1.3.0-RHEL-9 Via RHSA-2023:3905 https://access.redhat.com/errata/RHSA-2023:3905
This issue has been addressed in the following products: OADP-1.1-RHEL-8 Via RHSA-2023:3918 https://access.redhat.com/errata/RHSA-2023:3918
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:3915 https://access.redhat.com/errata/RHSA-2023:3915
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:3911 https://access.redhat.com/errata/RHSA-2023:3911
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:3914 https://access.redhat.com/errata/RHSA-2023:3914
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:3910 https://access.redhat.com/errata/RHSA-2023:3910
Were the bugs for this CVE created correctly? I got RHEL 8 bugs for toolbox for both the rolling (bug 2207514) and 4.0 (bug 2207509) module streams, but none for RHEL 9. In comparison, I found a RHEL 8 podman bug for the 4.0 module stream (bug 2207507) and one for RHEL 9 (bug 2207522). I also found a RHEL 9 bug for golang (bug 2204477). So, it seems like RHEL 9 is affected, but then why is there no RHEL 9 toolbox bug? There's no difference in toolbox across RHEL 8 and 9 that could be relevant to this CVE.
@trathi: see comment #45 above about RHEL affects
This issue has been addressed in the following products: OADP-1.0-RHEL-8 Via RHSA-2023:4289 https://access.redhat.com/errata/RHSA-2023:4289
This issue has been addressed in the following products: RHEL-8-CNV-4.12 RHEL-7-CNV-4.12 Via RHSA-2023:4420 https://access.redhat.com/errata/RHSA-2023:4420
This issue has been addressed in the following products: RHEL-8-CNV-4.12 Via RHSA-2023:4421 https://access.redhat.com/errata/RHSA-2023:4421
This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.3 for RHEL 8 Via RHSA-2023:4470 https://access.redhat.com/errata/RHSA-2023:4470
This issue has been addressed in the following products: CERT-MANAGER-1.10-RHEL-9 Via RHSA-2023:4335 https://access.redhat.com/errata/RHSA-2023:4335
This issue has been addressed in the following products: MTA-6.2-RHEL-9 MTA-6.2-RHEL-8 Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
This issue has been addressed in the following products: RHEL-9-CNV-4.13 Via RHSA-2023:4664 https://access.redhat.com/errata/RHSA-2023:4664
This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:5376 https://access.redhat.com/errata/RHSA-2023:5376
This issue has been addressed in the following products: multicluster engine for Kubernetes 2.3 for RHEL 8 Via RHSA-2023:5421 https://access.redhat.com/errata/RHSA-2023:5421
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8 Via RHSA-2023:5442 https://access.redhat.com/errata/RHSA-2023:5442
This issue has been addressed in the following products: RODOO-1.0-RHEL-8 Via RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6346 https://access.redhat.com/errata/RHSA-2023:6346
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6363 https://access.redhat.com/errata/RHSA-2023:6363
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6402 https://access.redhat.com/errata/RHSA-2023:6402
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6473 https://access.redhat.com/errata/RHSA-2023:6473
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6474 https://access.redhat.com/errata/RHSA-2023:6474
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6938 https://access.redhat.com/errata/RHSA-2023:6938
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:6939 https://access.redhat.com/errata/RHSA-2023:6939