VDB

RHSA-2023%3A0584

RHSA-2023%3A0584 PUBLISHED CVSS 7.5 HIGH

A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Red Hatopenshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 as a component of OSSO 1.1 for RHEL 8*, openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64
Red Hatopenshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64 as a component of OSSO 1.1 for RHEL 8*, openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8@sha256:13581442e0c3534437ba716096f7aad0c7d78a6bac74ffaaaac1c43605861d83_amd64
Red Hatopenshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 as a component of OSSO 1.1 for RHEL 8openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64, openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64, *
Red Hatopenshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64 as a component of OSSO 1.1 for RHEL 8*, openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle@sha256:bae76f2dbbc1900048dc213026a284d7b8ef2cc07a0708eeafacacf14ae511b6_amd64
golangGo

Timeline

  • May 18, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›