Security Alert

[github-actions]

zozo-gatling-operator:3ca2f1dc7b145f53637f03220a77e0bd5b391d35 (debian 11.8)

debian

No vulnerabilities found

manager

gobinary

Title	Severity	CVE	Package Name	Installed Version	Fixed Version	References
Authorization Bypass Through User-Controlled Key	🔴CRITICAL	CVE-2022-1996	github.com/emicklei/go-restful	v2.9.5+incompatible	2.16.0	- https://access.redhat.com/security/cve/CVE-2022-1996 - https://github.com/emicklei/go-restful - emicklei/go-restful@9266625 - emicklei/go-restful@f292eff - emicklei/go-restful@fd3c327 - emicklei/go-restful#489 - https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SO5QC2JFW2PXBWAE27OYYYL5SPFUBHTY/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W56PP46JVZEKCANBKXFKRVSBBRRMCY6V/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGQKWD6SE75PFBPFVSZYAKAVXKBZXKWS/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ - https://nvd.nist.gov/vuln/detail/CVE-2022-1996 - https://pkg.go.dev/vuln/GO-2022-0619 - https://security.netapp.com/advisory/ntap-20220923-0005/ - https://www.cve.org/CVERecord?id=CVE-2022-1996
crash in a golang.org/x/crypto/ssh server	🟠HIGH	CVE-2022-27191	golang.org/x/crypto	v0.0.0-20220214200702-86341886e292	0.0.0-20220314234659-1baeb1ce4c0b	- https://access.redhat.com/errata/RHSA-2022:8008 - https://access.redhat.com/security/cve/CVE-2022-27191 - https://bugzilla.redhat.com/1939485 - https://bugzilla.redhat.com/1989564 - https://bugzilla.redhat.com/1989570 - https://bugzilla.redhat.com/1989575 - https://bugzilla.redhat.com/2064702 - https://bugzilla.redhat.com/2121445 - https://bugzilla.redhat.com/2121453 - https://cs.opensource.google/go/x/crypto - https://errata.almalinux.org/9/ALSA-2022-8008.html - https://go.dev/cl/392355 - https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d - https://groups.google.com/g/golang-announce - https://groups.google.com/g/golang-announce/c/-cp44ypCT5s - https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ - https://linux.oracle.com/cve/CVE-2022-27191.html - https://linux.oracle.com/errata/ELSA-2022-8008.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ - https://nvd.nist.gov/vuln/detail/CVE-2022-27191 - https://pkg.go.dev/vuln/GO-2021-0356 - https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml - https://security.netapp.com/advisory/ntap-20220429-0002/ - https://www.cve.org/CVERecord?id=CVE-2022-27191
handle server errors after sending GOAWAY	🟠HIGH	CVE-2022-27664	golang.org/x/net	v0.0.0-20220127200216-cd36cc0744dd	0.0.0-20220906165146-f3363e06e74c	- https://access.redhat.com/errata/RHSA-2023:2357 - https://access.redhat.com/security/cve/CVE-2022-27664 - https://bugzilla.redhat.com/2107371 - https://bugzilla.redhat.com/2107374 - https://bugzilla.redhat.com/2107383 - https://bugzilla.redhat.com/2107386 - https://bugzilla.redhat.com/2107388 - https://bugzilla.redhat.com/2113814 - https://bugzilla.redhat.com/2124669 - https://bugzilla.redhat.com/2132868 - https://bugzilla.redhat.com/2132872 - https://bugzilla.redhat.com/2161274 - https://bugzilla.redhat.com/show_bug.cgi?id=1913333 - https://bugzilla.redhat.com/show_bug.cgi?id=1913338 - https://bugzilla.redhat.com/show_bug.cgi?id=2107371 - https://bugzilla.redhat.com/show_bug.cgi?id=2107374 - https://bugzilla.redhat.com/show_bug.cgi?id=2107383 - https://bugzilla.redhat.com/show_bug.cgi?id=2107386 - https://bugzilla.redhat.com/show_bug.cgi?id=2107388 - https://bugzilla.redhat.com/show_bug.cgi?id=2113814 - https://bugzilla.redhat.com/show_bug.cgi?id=2124669 - https://cs.opensource.google/go/x/net - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189 - https://errata.almalinux.org/9/ALSA-2023-2357.html - https://errata.rockylinux.org/RLSA-2022:7129 - golang/go@5bc9106 (go1.18.6) - golang/go@9cfe4e2 (go1.19.1) - golang/go#54658 - https://go.dev/cl/428735 - https://go.dev/issue/54658 - https://groups.google.com/g/golang-announce - https://groups.google.com/g/golang-announce/c/x49AQzIVX-s - https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ - https://linux.oracle.com/cve/CVE-2022-27664.html - https://linux.oracle.com/errata/ELSA-2023-2802.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ - https://nvd.nist.gov/vuln/detail/CVE-2022-27664 - https://pkg.go.dev/vuln/GO-2022-0969 - https://security.gentoo.org/glsa/202209-26 - https://security.netapp.com/advisory/ntap-20220923-0004/ - https://ubuntu.com/security/notices/USN-6038-1 - https://www.cve.org/CVERecord?id=CVE-2022-27664
avoid quadratic complexity in HPACK decoding	🟠HIGH	CVE-2022-41723	golang.org/x/net	v0.0.0-20220127200216-cd36cc0744dd	0.7.0	- https://access.redhat.com/security/cve/CVE-2022-41723 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723 - GHSA-vvpx-j8f3-3w6h - https://go.dev/cl/468135 - https://go.dev/cl/468295 - https://go.dev/issue/57855 - https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/ - https://nvd.nist.gov/vuln/detail/CVE-2022-41723 - https://pkg.go.dev/vuln/GO-2023-1571 - https://vuln.go.dev/ID/GO-2023-1571.json - https://www.cve.org/CVERecord?id=CVE-2022-41723
ParseAcceptLanguage takes a long time to parse complex tags	🟠HIGH	CVE-2022-32149	golang.org/x/text	v0.3.7	0.3.8	- https://access.redhat.com/security/cve/CVE-2022-32149 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149 - golang/go#56152 - https://github.com/golang/text - golang/text@434eadc - golang/text@434eadc (v0.3.8) - https://go.dev/cl/442235 - https://go.dev/issue/56152 - https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ - https://groups.google.com/g/golang-dev/c/qfPIly0X7aU - https://nvd.nist.gov/vuln/detail/CVE-2022-32149 - https://pkg.go.dev/vuln/GO-2022-1059 - https://ubuntu.com/security/notices/USN-5873-1 - https://www.cve.org/CVERecord?id=CVE-2022-32149
crash when attempting to deserialize invalid input	🟠HIGH	CVE-2022-28948	gopkg.in/yaml.v3	v3.0.0-20210107192922-496545a6307b	3.0.0-20220521103104-8f96da9f5d5e	- https://access.redhat.com/security/cve/CVE-2022-28948 - GHSA-hp87-p4gw-j4gq - https://github.com/go-yaml/yaml - go-yaml/yaml@8f96da9 - go-yaml/yaml#666 - https://nvd.nist.gov/vuln/detail/CVE-2022-28948 - https://security.netapp.com/advisory/ntap-20220923-0006/ - https://www.cve.org/CVERecord?id=CVE-2022-28948