GHSA-4r8x-2p26-976p: goproxy Denial of Service vulnerability

Red Hat Security Advisory 2024-8974-03 - Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes.

Red Hat Security Advisory 2024-3479-03 - Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 for RHEL 8.4. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5407-01 - OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool. Issues addressed include a denial of service vulnerability.

An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-37788: A flaw was found in goproxy, which is vulnerable to a denial of service caused by improper input validation. This flaw allows a remote attacker can cause the goproxy server to crash by sending a specially crafted HTTP request to the HTTPS page, replacing the path "/" with an asterisk "*".

goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.