VDB

RHSA-2024%3A8697

RHSA-2024%3A8697 PUBLISHED CVSS 4.300000190734863 MEDIUM

A flaw was found in the Gin-Gonic Gin Web Framework. Affected versions of this package could allow a remote attacker to bypass security restrictions caused by improper input validation by the filename parameter of the Context.FileAttachment function. An attacker can modify the Content-Disposition header by using a specially-crafted attachment file name.

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-installer@sha256:f6d5c6c435ad2997a5751cac93726a7f50130a96efb36edcaa736e66645e6eeb_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/driver-toolkit-rhel9@sha256:3ee0f627f254c042c3c6f388994f43d49d0dde5c96671305d2616adc50dc3e77_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/driver-toolkit-rhel9@sha256:3ee0f627f254c042c3c6f388994f43d49d0dde5c96671305d2616adc50dc3e77_s390x
Red Hatopenshift4/ose-oauth-proxy@sha256:5e351b845018b6dee941fa090119ed806e862bd5dbea49bad7f84b8bc157362d_arm64 as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-kube-state-metrics@sha256:13f1a04a3c304b2313aeabeaddf113300790ef755c29406c19152cabe942fbcf_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-kube-state-metrics@sha256:13f1a04a3c304b2313aeabeaddf113300790ef755c29406c19152cabe942fbcf_amd64
Red Hatopenshift4/ose-cluster-network-operator@sha256:707b1d8f573135d328d937175099e2aaedc9e440e29f2c003887d8fe7c06940d_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cluster-network-operator@sha256:707b1d8f573135d328d937175099e2aaedc9e440e29f2c003887d8fe7c06940d_amd64
Red Hatopenshift4/ose-csi-external-provisioner-rhel8@sha256:892cf77ae4d795f0cea67bb07f06e35eebeb399fc8d1356de9141e6c935ea445_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-csi-external-provisioner-rhel8@sha256:892cf77ae4d795f0cea67bb07f06e35eebeb399fc8d1356de9141e6c935ea445_s390x
Red Hatopenshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:73f689f3666f39b26a5226fdee0b4067a02e574eec313adad8a7038b168d73f1_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:73f689f3666f39b26a5226fdee0b4067a02e574eec313adad8a7038b168d73f1_arm64
Red Hatopenshift4/ose-cluster-bootstrap@sha256:8a3f8b5f243153ec2ca9bad074b16c0f87e9f4a6ad10a41703b519eb6f450c68_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cluster-bootstrap@sha256:8a3f8b5f243153ec2ca9bad074b16c0f87e9f4a6ad10a41703b519eb6f450c68_arm64
Red Hatopenshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:09fd77fd8d0585d896fd7b98dd166a38e51ef941000e10a46ad5c3459bf35027_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:09fd77fd8d0585d896fd7b98dd166a38e51ef941000e10a46ad5c3459bf35027_arm64
Red Hatopenshift4/ose-alibaba-cloud-csi-driver-container-rhel8@sha256:53a6b9e95ef19a9174faf26756bd7bc481010d6de7e234147b29199eb454dd22_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-alibaba-cloud-csi-driver-container-rhel8@sha256:53a6b9e95ef19a9174faf26756bd7bc481010d6de7e234147b29199eb454dd22_amd64
Red Hatopenshift4/ose-gcp-cluster-api-controllers-rhel8@sha256:dea2508faa4d17be418b914aafa160848b47358f8d7605e462c40a946efc1ed6_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-gcp-cluster-api-controllers-rhel8@sha256:dea2508faa4d17be418b914aafa160848b47358f8d7605e462c40a946efc1ed6_amd64
Red Hatopenshift4/ose-k8s-prometheus-adapter@sha256:4c07c6b91bc6f9ff891d1a5857730720375c99abfd03e40fcfa8a10513eed18c_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-k8s-prometheus-adapter@sha256:4c07c6b91bc6f9ff891d1a5857730720375c99abfd03e40fcfa8a10513eed18c_amd64
Red Hatopenshift4/ose-multus-admission-controller@sha256:53df673e23c8f492f9fc4f94019f2df503ab2a4a02051689fbbe1d5f15856f62_s390x as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-aws-ebs-csi-driver-rhel8@sha256:e06160addf8fcab3f26c11ec1048c3608ed191e38dd6789dd90dc57c216b30f0_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-aws-ebs-csi-driver-rhel8@sha256:e06160addf8fcab3f26c11ec1048c3608ed191e38dd6789dd90dc57c216b30f0_arm64
Red Hatopenshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:09fd77fd8d0585d896fd7b98dd166a38e51ef941000e10a46ad5c3459bf35027_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:09fd77fd8d0585d896fd7b98dd166a38e51ef941000e10a46ad5c3459bf35027_arm64
Red Hatopenshift4/ose-pod@sha256:d79a533362f6ff5a9ad17e80fce970f6d774ad37a3a1e11c835b678d50a54bc5_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-pod@sha256:d79a533362f6ff5a9ad17e80fce970f6d774ad37a3a1e11c835b678d50a54bc5_ppc64le
Red Hatopenshift4/ose-ovirt-machine-controllers-rhel8@sha256:3ebfc595dc3dde99badf4f79f48f974b63335341603df4701bdbfecc41f5b9e0_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-ovirt-machine-controllers-rhel8@sha256:3ebfc595dc3dde99badf4f79f48f974b63335341603df4701bdbfecc41f5b9e0_ppc64le
Red Hatopenshift4/ose-csi-external-provisioner-rhel8@sha256:f297d3bacc09a529b7b7dc9a0cd0ce42b31d8f4cb76519ffd89625ff0d49fc76_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-csi-external-provisioner-rhel8@sha256:f297d3bacc09a529b7b7dc9a0cd0ce42b31d8f4cb76519ffd89625ff0d49fc76_ppc64le
Red Hatopenshift4/ose-kube-proxy@sha256:ade991a25060ba0277e7480693095b492efd8c774c145d7c8ed67a598f02bdfd_arm64 as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-baremetal-runtimecfg-rhel8@sha256:014a01ccaa6cf21fd442b0939019b05507a122c3ea421334aad4c733ac3da815_arm64 as a component of Red Hat OpenShift Container Platform 4.14*

…and 1330 more

Timeline

  • Nov 8, 2024 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›