golang-github-openshift-oauth-proxy vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the golang-github-openshift-oauth-proxy package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H Resource Exhaustion	*
H Resource Exhaustion	*
M Cross-site Scripting (XSS)	*
L Information Exposure	<0:2.3-1.git57b68632.el7
H Arbitrary Code Injection	<0:3.11.82-1.git.425.7cac034.el7
H Arbitrary Code Injection	<0:3.11.82-1.git.425.7cac034.el7
M Improper Input Validation	<0:2.1-2.git885c9f40.el7
M Improper Authentication	<0:2.1-1.git885c9f40.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.425.7cac034.el7
M Improper Authorization	<0:2.1-2.git885c9f40.el7
M Information Exposure	<0:3.11.374-1.git.439.966c536.el7
H Information Exposure	<0:3.11.51-1.git.419.1af74df.el7
H Session Fixation	<0:3.11.51-1.git.419.1af74df.el7
H Resource Exhaustion	<0:3.11.51-1.git.419.1af74df.el7
H Information Exposure	<0:3.11.51-1.git.419.1af74df.el7
H Static Code Injection	<0:3.11.82-1.git.425.7cac034.el7
M Link Following	<0:3.11.98-1.git.0.fd9716c.el7
H Static Code Injection	<0:3.11.82-1.git.425.7cac034.el7
H Improper Authentication	<0:3.11.51-1.git.419.1af74df.el7
H Static Code Injection	<0:3.11.82-1.git.425.7cac034.el7
H Session Fixation	<0:3.11.82-1.git.425.7cac034.el7
H Session Fixation	<0:3.11.82-1.git.425.7cac034.el7
H Cross-site Scripting (XSS)	<0:3.11.117-1.git.1.2b006d2.el7
H Static Code Injection	<0:3.11.82-1.git.425.7cac034.el7
H Improper Authentication	<0:3.11.117-1.git.1.2b006d2.el7
H Improper Input Validation	<0:3.11.51-1.git.419.1af74df.el7
H Cross-site Scripting (XSS)	<0:3.11.51-1.git.419.1af74df.el7
H Directory Traversal	<0:3.11.51-1.git.419.1af74df.el7
H Authorization Bypass Through User-Controlled Key	*
H Static Code Injection	<0:3.11.82-1.git.425.7cac034.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.425.7cac034.el7
H Cross-site Scripting (XSS)	<0:3.11.82-1.git.425.7cac034.el7
H Cross-site Request Forgery (CSRF)	<0:3.11.82-1.git.425.7cac034.el7
H API Abuse	<0:3.11.170-1.git.1.b49be83.el7
H Information Exposure	<0:3.11.170-1.git.1.b49be83.el7
H Information Exposure	<0:3.11.170-1.git.1.b49be83.el7
H Covert Timing Channel	<0:3.11.170-1.git.1.b49be83.el7
H Covert Timing Channel	<0:3.11.170-1.git.1.b49be83.el7
H Insufficient Control of Network Message Volume (Network Amplification)	<0:3.11.170-1.git.1.b49be83.el7
H Authentication Bypass by Primary Weakness	<0:3.11.170-1.git.1.b49be83.el7
H Improper Access Control	<0:2.1-3.git885c9f40.el7
H Incomplete Blacklist	<0:3.11.117-1.git.1.2b006d2.el7
H Insufficiently Protected Credentials	<0:3.11.117-1.git.1.2b006d2.el7
M Resource Exhaustion	<0:3.11.219-1.git.1.076ae14.el7
M Truncation of Security-relevant Information	<0:3.11.248-1.git.1.9885abb.el7
M Information Exposure	<0:3.11.248-1.git.1.9885abb.el7
M Resource Exhaustion	*
M Resource Exhaustion	*
M Use of Insufficiently Random Values	<0:3.11.374-1.git.439.966c536.el7
H Out-of-bounds Read	<0:3.11.82-1.git.425.7cac034.el7
H Resource Exhaustion	<0:3.11.82-1.git.425.7cac034.el7
H Out-of-bounds Read	<0:3.11.82-1.git.425.7cac034.el7
M Incorrect Calculation	*
M HTTP Response Splitting	<0:3.11.374-1.git.439.966c536.el7
L Race Condition	*
L Loop with Unreachable Exit Condition ('Infinite Loop')	*
H Cross-site Scripting (XSS)	<0:3.11.170-1.git.1.b49be83.el7
M HTTP Request Smuggling	*
H Resource Exhaustion	<0:2.1-3.git885c9f40.el7
H Resource Exhaustion	<0:3.11.154-1.git.1.220e3dc.el7
H Resource Exhaustion	<0:2.1-3.git885c9f40.el7
H Resource Exhaustion	<0:3.11.154-1.git.1.220e3dc.el7
L Improper Handling of Length Parameter Inconsistency	*

golang-github-openshift-oauth-proxy vulnerabilities

Direct Vulnerabilities

How to fix?