GHSA-gxhv-3hwf-wjp9

Source
https://github.com/advisories/GHSA-gxhv-3hwf-wjp9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gxhv-3hwf-wjp9/GHSA-gxhv-3hwf-wjp9.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-gxhv-3hwf-wjp9
Aliases
Published
2022-05-13T01:34:31Z
Modified
2023-11-01T04:49:00.119671Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
JSON-Patch Out-of-bounds Write vulnerability
Details

An out-of-bounds write can occur when patching an OpenShift object using the oc patch functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial-of-service attack on the OpenShift master API service, which provides cluster management.

Database specific
{
    "nvd_published_at": "2018-09-06T14:29:00Z",
    "github_reviewed_at": "2023-02-08T00:27:34Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-787"
    ]
}
Affected packages

Go / github.com/evanphx/json-patch

Package

Name
github.com/evanphx/json-patch
Purl
pkg:golang/github.com/evanphx/json-patch

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.2

Go / github.com/evanphx/json-patch

Package

Name
github.com/evanphx/json-patch
Purl
pkg:golang/github.com/evanphx/json-patch

Affected ranges

Type
SEMVER
Events
Introduced
3.0.0
Fixed
3.0.1-0.20180525145409-4c9aadca8f89