GHSA-gxhv-3hwf-wjp9

Source

https://github.com/advisories/GHSA-gxhv-3hwf-wjp9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gxhv-3hwf-wjp9/GHSA-gxhv-3hwf-wjp9.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-gxhv-3hwf-wjp9

Aliases

Published

2022-05-13T01:34:31Z

Modified

2023-11-01T04:49:00.119671Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

JSON-Patch Out-of-bounds Write vulnerability

Details

An out of bound write can occur when patching an Openshift object using the oc patch functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.

Database specific

{
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-787"
    ],
    "nvd_published_at": "2018-09-06T14:29:00Z",
    "github_reviewed_at": "2023-02-08T00:27:34Z",
    "github_reviewed": true
}

References

Affected packages

Go / github.com/evanphx/json-patch

Package

Name: github.com/evanphx/json-patch; View open source insights on deps.dev
Purl: pkg:golang/github.com/evanphx/json-patch

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.2

Go / github.com/evanphx/json-patch

Package

Name: github.com/evanphx/json-patch; View open source insights on deps.dev
Purl: pkg:golang/github.com/evanphx/json-patch

Affected ranges

Type: SEMVER
Events: Introduced

3.0.0

Fixed

3.0.1-0.20180525145409-4c9aadca8f89