microshift vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the microshift package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Expected Behavior Violation	*
M Expected Behavior Violation	*
M Information Exposure	*
M Time-of-check Time-of-use (TOCTOU)	*
M CVE-2025-4673	*
M Cross-site Scripting (XSS)	*
L Incorrect Authorization	*
L Incorrect Authorization	*
H Asymmetric Resource Consumption (Amplification)	*
M Improper Input Validation	*
H Improper Validation of Syntactic Correctness of Input	*
M Information Exposure	*
H Information Exposure	<0:4.14.42-202411280904.p0.gcf4d04f.assembly.4.14.42.el9
H Information Exposure	<0:4.15.41-202412091343.p0.gcf9680e.assembly.4.15.41.el9
H Information Exposure	<0:4.16.24-202411220522.p0.gcc4fedc.assembly.4.16.24.el9
H Information Exposure	<0:4.17.7-202411280904.p0.g129334d.assembly.4.17.7.el9
L Improper Verification of Cryptographic Signature	*
M Information Exposure	*
H Allocation of Resources Without Limits or Throttling	*
L Improper Handling of Exceptional Conditions	*
M Use of Uninitialized Variable	*
H Allocation of Resources Without Limits or Throttling	<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9
H Buffer Access with Incorrect Length Value	<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9
H Cross-site Scripting (XSS)	<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9
H Cross-site Scripting (XSS)	<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9
H Information Exposure	<0:4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0.el9
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0.el9
M Improper Input Validation	*
H Resource Exhaustion	<0:4.15.12-202405021504.p0.ge0938ef.assembly.4.15.12.el9
H Resource Exhaustion	<0:4.14.24-202405021453.p0.g6e3abf7.assembly.4.14.24.el9
H Information Exposure	<0:4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0.el9
M Resource Exhaustion	<0:4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9
H Memory Leak	<0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9
H Memory Leak	<0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0.el9
H Information Exposure	<0:4.15.0-202402260721.p0.g799289b.assembly.4.15.0.el9
H Resource Exhaustion	<0:4.15.0-202402260721.p0.g799289b.assembly.4.15.0.el9
H Resource Exhaustion	<0:4.15.0-202402260721.p0.g799289b.assembly.4.15.0.el9
M Resource Exhaustion	<0:4.14.10-202401181720.p0.gd25a4c5.assembly.4.14.10.el9
M Allocation of Resources Without Limits or Throttling	*
H Resource Exhaustion	<0:4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
H Resource Exhaustion	<0:4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9
M Allocation of Resources Without Limits or Throttling	*
M HTTP Response Splitting	*
H CVE-2023-2727	<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9
H CVE-2023-2728	<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9
M Improper Handling of Unicode Encoding	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Improper Handling of Unicode Encoding	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Improper Handling of Unicode Encoding	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Improper Handling of Unicode Encoding	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
H Authentication Bypass	<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Resource Exhaustion	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Resource Exhaustion	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Arbitrary Code Injection	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Arbitrary Code Injection	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Resource Exhaustion	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Resource Exhaustion	<0:4.13.3-202306081201.p0.g16708cc.assembly.4.13.3.el9
M Incorrect Default Permissions	*
M Authentication Bypass by Primary Weakness	*
M Authentication Bypass	*
M Directory Traversal	*
M Resource Exhaustion	<0:4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9
M Allocation of Resources Without Limits or Throttling	<0:4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9
M Allocation of Resources Without Limits or Throttling	<0:4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9

Vulnerability

Vulnerable Version

Expected Behavior Violation

Information Exposure

Time-of-check Time-of-use (TOCTOU)

CVE-2025-4673

Cross-site Scripting (XSS)

Incorrect Authorization

Asymmetric Resource Consumption (Amplification)

Improper Input Validation

Improper Validation of Syntactic Correctness of Input

Information Exposure

<0:4.14.42-202411280904.p0.gcf4d04f.assembly.4.14.42.el9

Information Exposure

<0:4.15.41-202412091343.p0.gcf9680e.assembly.4.15.41.el9

Information Exposure

<0:4.16.24-202411220522.p0.gcc4fedc.assembly.4.16.24.el9

Information Exposure

<0:4.17.7-202411280904.p0.g129334d.assembly.4.17.7.el9

Improper Verification of Cryptographic Signature

Information Exposure

Allocation of Resources Without Limits or Throttling

Improper Handling of Exceptional Conditions

Use of Uninitialized Variable

Allocation of Resources Without Limits or Throttling

<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9

Buffer Access with Incorrect Length Value

<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9

Cross-site Scripting (XSS)

<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9

Cross-site Scripting (XSS)

<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9

Information Exposure

<0:4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0.el9

Loop with Unreachable Exit Condition ('Infinite Loop')

<0:4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0.el9

Improper Input Validation

Resource Exhaustion

<0:4.15.12-202405021504.p0.ge0938ef.assembly.4.15.12.el9

Resource Exhaustion

<0:4.14.24-202405021453.p0.g6e3abf7.assembly.4.14.24.el9

Information Exposure

<0:4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0.el9

Resource Exhaustion

<0:4.13.0-202305161335.p0.g17cae44.assembly.4.13.0.el9

Memory Leak

<0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9

Memory Leak

<0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9

Loop with Unreachable Exit Condition ('Infinite Loop')

<0:4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0.el9

Information Exposure

<0:4.15.0-202402260721.p0.g799289b.assembly.4.15.0.el9

Resource Exhaustion

<0:4.15.0-202402260721.p0.g799289b.assembly.4.15.0.el9

Resource Exhaustion

<0:4.15.0-202402260721.p0.g799289b.assembly.4.15.0.el9

Resource Exhaustion

<0:4.14.10-202401181720.p0.gd25a4c5.assembly.4.14.10.el9

Allocation of Resources Without Limits or Throttling

Resource Exhaustion

<0:4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9

Resource Exhaustion

<0:4.14.2-202311091609.p0.gd80d6de.assembly.4.14.2.el9

Allocation of Resources Without Limits or Throttling

HTTP Response Splitting

CVE-2023-2727

<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9

CVE-2023-2728

<0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9

Improper Handling of Unicode Encoding