Red Hat Security Advisory 2024-0753-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0753.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: linux-firmware security updateAdvisory ID:        RHSA-2024:0753-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0753Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2023-20592====================================================================Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The linux-firmware packages contain all of the firmware files that are required by various devices to operate.Security Fix(es):* (RCVE-2023-20592)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-20592References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2244590

Red Hat Security Advisory 2024-0753-03

Red Hat Security Advisory 2024-0752-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0752.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security updateAdvisory ID:        RHSA-2024:0752-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0752Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2024-21626====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* runc: file descriptor leak (CVE-2024-21626)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21626References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2024-001https://bugzilla.redhat.com/show_bug.cgi?id=2258725

Red Hat Security Advisory 2024-0752-03

Red Hat Security Advisory 2024-0751-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0751.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmaxminddb security updateAdvisory ID:        RHSA-2024:0751-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0751Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2020-28241====================================================================Summary: An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libmaxminddb package contains the MaxMind DB library.Security Fix(es):* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-28241References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1895379

Red Hat Security Advisory 2024-0751-03

Red Hat Security Advisory 2024-0750-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0750.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmaxminddb security updateAdvisory ID:        RHSA-2024:0750-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0750Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2020-28241====================================================================Summary: An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libmaxminddb package contains the MaxMind DB library.Security Fix(es):* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-28241References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1895379

Red Hat Security Advisory 2024-0750-03

Red Hat Security Advisory 2024-0749-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0749.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: unbound security updateAdvisory ID:        RHSA-2024:0749-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0749Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2019-25033====================================================================Summary: An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.Security Fix(es):* unbound: integer overflow in the regional allocator via the ALIGN_UP macro (CVE-2019-25033)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2019-25033References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1954775

Red Hat Security Advisory 2024-0749-03

Red Hat Security Advisory 2024-0748-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0748.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:4.0 security updateAdvisory ID:        RHSA-2024:0748-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0748Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* runc: file descriptor leak (\"Leaky Vessels\") (CVE-2024-21626)A Red Hat Security Bulletin which addresses further details about the Leaky Vessels flaw is available in the References section.* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)* golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2024-001https://bugzilla.redhat.com/show_bug.cgi?id=2253193https://bugzilla.redhat.com/show_bug.cgi?id=2253330https://bugzilla.redhat.com/show_bug.cgi?id=2258725https://issues.redhat.com/browse/RHEL-15029https://issues.redhat.com/browse/RHEL-17145

Red Hat Security Advisory 2024-0748-03

Red Hat Security Advisory 2024-0746-03 - Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0746.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: new container image: rhceph-5.3  
Advisory ID:        RHSA-2024:0746-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0746  
Issue date:         2024-02-09  
Revision:           03  
CVE Names:          CVE-2022-23498  
====================================================================

Summary: 

Updated container image for Red Hat Ceph Storage 5.3 is now available in  
the Red Hat Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform  
that combines the most stable version of the Ceph storage system with a  
Ceph management platform, deployment utilities, and support services.

This updated container image is based on Red Hat Ceph Storage 5.3 and Red  
Hat Enterprise Linux.

Space precludes documenting all of these changes in this advisory. Users  
are directed to the Red Hat Ceph Storage Release Notes for information on  
the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from  
the Red Hat Ecosystem catalog.

Security Fix(es):

* grafana: Use of Cache Containing Sensitive Information (CVE-2022-23498)

* grafana: cross site scripting (CVE-2023-0507)

* grafana: cross site scripting (CVE-2023-0594)

* haproxy: request smuggling attack in HTTP/1 header parsing (CVE-2023-25725)

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

* haproxy: segfault DoS (CVE-2023-0056)

* grafana: JWT token leak to data source (CVE-2023-1387)

* grafana: stored XSS vulnerability affecting the core plugin \"Text\" (CVE-2023-22462)

* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5/html-single/upgrade_guide/index

https://access.redhat.com/articles/2789521

https://access.redhat.com/articles/1548993

CVEs:

CVE-2022-23498

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2160808  
https://bugzilla.redhat.com/show_bug.cgi?id=2161274  
https://bugzilla.redhat.com/show_bug.cgi?id=2164936  
https://bugzilla.redhat.com/show_bug.cgi?id=2167266  
https://bugzilla.redhat.com/show_bug.cgi?id=2168037  
https://bugzilla.redhat.com/show_bug.cgi?id=2168038  
https://bugzilla.redhat.com/show_bug.cgi?id=2169089  
https://bugzilla.redhat.com/show_bug.cgi?id=2184481  
https://bugzilla.redhat.com/show_bug.cgi?id=2186322  
https://bugzilla.redhat.com/show_bug.cgi?id=2256938

Red Hat Security Advisory 2024-0746-03

Red Hat Security Advisory 2024-0745-03 - An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat Ecosystem Catalog.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0745.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Ceph Storage 5.3 Security update  
Advisory ID:        RHSA-2024:0745-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0745  
Issue date:         2024-02-09  
Revision:           03  
CVE Names:          CVE-2023-43040  
====================================================================

Summary: 

An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat  
Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform  
that combines the most stable version of the Ceph storage system with a  
Ceph management platform, deployment utilities, and support services.

These updated packages include numerous bug fixes. Space precludes  
documenting all of these changes in this advisory. Users are directed to  
the Red Hat Ceph Storage Release Notes for information on the most  
significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to update to these packages  
that provide various bug fixes.

Security Fix(es):

* rgw: improperly verified POST keys (CVE-2023-43040)

* ceph: RGW crash upon misconfigured CORS rule (CVE-2023-46159)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5/html-single/upgrade_guide/index#upgrade-a-red-hat-ceph-storage-cluster-using-cephadm

https://access.redhat.com/articles/1548993

CVEs:

CVE-2023-43040

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2153448  
https://bugzilla.redhat.com/show_bug.cgi?id=2193419  
https://bugzilla.redhat.com/show_bug.cgi?id=2211758  
https://bugzilla.redhat.com/show_bug.cgi?id=2215374  
https://bugzilla.redhat.com/show_bug.cgi?id=2215380  
https://bugzilla.redhat.com/show_bug.cgi?id=2216855  
https://bugzilla.redhat.com/show_bug.cgi?id=2216857  
https://bugzilla.redhat.com/show_bug.cgi?id=2224636  
https://bugzilla.redhat.com/show_bug.cgi?id=2227806  
https://bugzilla.redhat.com/show_bug.cgi?id=2227810  
https://bugzilla.redhat.com/show_bug.cgi?id=2227997  
https://bugzilla.redhat.com/show_bug.cgi?id=2228001  
https://bugzilla.redhat.com/show_bug.cgi?id=2228039  
https://bugzilla.redhat.com/show_bug.cgi?id=2231469  
https://bugzilla.redhat.com/show_bug.cgi?id=2232164  
https://bugzilla.redhat.com/show_bug.cgi?id=2233444  
https://bugzilla.redhat.com/show_bug.cgi?id=2233886  
https://bugzilla.redhat.com/show_bug.cgi?id=2234610  
https://bugzilla.redhat.com/show_bug.cgi?id=2236190  
https://bugzilla.redhat.com/show_bug.cgi?id=2237391  
https://bugzilla.redhat.com/show_bug.cgi?id=2237880  
https://bugzilla.redhat.com/show_bug.cgi?id=2238665  
https://bugzilla.redhat.com/show_bug.cgi?id=2239149  
https://bugzilla.redhat.com/show_bug.cgi?id=2239433  
https://bugzilla.redhat.com/show_bug.cgi?id=2239455  
https://bugzilla.redhat.com/show_bug.cgi?id=2240089  
https://bugzilla.redhat.com/show_bug.cgi?id=2240144  
https://bugzilla.redhat.com/show_bug.cgi?id=2240586  
https://bugzilla.redhat.com/show_bug.cgi?id=2240727  
https://bugzilla.redhat.com/show_bug.cgi?id=2240839  
https://bugzilla.redhat.com/show_bug.cgi?id=2240977  
https://bugzilla.redhat.com/show_bug.cgi?id=2244868  
https://bugzilla.redhat.com/show_bug.cgi?id=2245335  
https://bugzilla.redhat.com/show_bug.cgi?id=2245699  
https://bugzilla.redhat.com/show_bug.cgi?id=2247232  
https://bugzilla.redhat.com/show_bug.cgi?id=2248825  
https://bugzilla.redhat.com/show_bug.cgi?id=2249014  
https://bugzilla.redhat.com/show_bug.cgi?id=2249017  
https://bugzilla.redhat.com/show_bug.cgi?id=2249565  
https://bugzilla.redhat.com/show_bug.cgi?id=2249571  
https://bugzilla.redhat.com/show_bug.cgi?id=2251768  
https://bugzilla.redhat.com/show_bug.cgi?id=2252781  
https://bugzilla.redhat.com/show_bug.cgi?id=2253672  
https://bugzilla.redhat.com/show_bug.cgi?id=2255035  
https://bugzilla.redhat.com/show_bug.cgi?id=2255436  
https://bugzilla.redhat.com/show_bug.cgi?id=2256172  
https://bugzilla.redhat.com/show_bug.cgi?id=2257421  
https://bugzilla.redhat.com/show_bug.cgi?id=2259297

Red Hat Security Advisory 2024-0745-03

Red Hat Security Advisory 2024-0728-03 - Logging Subsystem 5.8.3 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0728.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Logging Subsystem 5.8.3 - Red Hat OpenShiftAdvisory ID:        RHSA-2024:0728-03Product:            Logging Subsystem for Red Hat OpenShiftAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0728Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: Logging Subsystem 5.8.3 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Logging Subsystem 5.8.3 - Red Hat OpenShiftSecurity Fix(es):* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253330https://issues.redhat.com/browse/LOG-4822https://issues.redhat.com/browse/LOG-4893https://issues.redhat.com/browse/LOG-4962https://issues.redhat.com/browse/LOG-4963https://issues.redhat.com/browse/LOG-4969https://issues.redhat.com/browse/OU-319https://issues.redhat.com/browse/OU-320

Red Hat Security Advisory 2024-0728-03

When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth.


Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-rr69-rxr6-8qwf

**serde-json-wasm stack overflow during recursive JSON parsing**

High severity GitHub Reviewed Published Feb 9, 2024 to the GitHub Advisory Database • Updated Feb 9, 2024

**Package**

cargo serde-json-wasm (Rust)

**Affected versions**

\= 1.0.0

< 0.5.2

**Patched versions**

1.0.1

0.5.2

**Description**

Published to the GitHub Advisory Database

Feb 9, 2024

Tag

#js