Msrc Azl3 Keda 2.14.0-1 On Azure Linux 3.0 vulnerabilities
5 known vulnerabilities affecting msrc/azl3_keda_2.14.0-1_on_azure_linux_3.0.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2022-3162 | MEDIUM | CVSS 6.5 | CWE-22 | 2023-03-14
Unauthorized read of Custom Resources
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is
msrc
CVE-2021-38561 | HIGH | CVSS 7.5 | CWE-125 | 2022-12-13
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input this can be used as a vector for a denial-of-service attack.
FAQ: Is
msrc
CVE-2022-1996 | CRITICAL | CVSS 9.1 | CWE-639 | 2022-06-14
Authorization Bypass Through User-Controlled Key in emicklei/go-restful
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the
msrc
CVE-2021-42836 | HIGH | CVSS 7.5 | CWE-400 | 2021-10-12
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure
msrc
CVE-2021-32923 | HIGH | CVSS 7.4 | CWE-613 | 2021-06-08
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically those within 1 second of their maximum TTL) which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9
msrc