ACK Detected Controllers CVEs
ack-bot opened this issue · 0 comments
ack-bot commented
| CVE ID | Type | Severity | Installed Version | Fixed Version | Affected Controllers | Title |
|---|---|---|---|---|---|---|
| CVE-2024-24791 | gobinary | MEDIUM | 1.22.2 | 1.21.12, 1.22.5 | [elasticache] | net/http: Denial of service due to improper 100-continue handling in net/http |
| CVE-2024-39689 | amazon | LOW | 2023.2.64-1.amzn2.0.1 | 2023.2.68-1.amzn2.0.1 | ALL | python-certifi: Remove root certificates from GLOBALTRUST from the root store |
| CVE-2024-34156 | gobinary | HIGH | 1.22.5 | 1.22.7, 1.23.1 | ALL | encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion |
| CVE-2024-34155 | gobinary | MEDIUM | 1.22.5 | 1.22.7, 1.23.1 | ALL | go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion |
| CVE-2024-34158 | gobinary | MEDIUM | 1.22.5 | 1.22.7, 1.23.1 | ALL | go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion |
| CVE-2024-24790 | gobinary | CRITICAL | 1.22.2 | 1.21.11, 1.22.4 | [elasticache] | golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses |
| CVE-2024-24788 | gobinary | HIGH | 1.22.2 | 1.22.3 | [elasticache] | golang: net: malformed DNS message can cause infinite loop |
| CVE-2024-24789 | gobinary | MEDIUM | 1.22.2 | 1.21.11, 1.22.4 | [elasticache] | golang: archive/zip: Incorrect handling of certain ZIP files |