Redhat Openshift Serverless vulnerabilities

CVE-2023-4853 [HIGH] CWE-148 CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permut A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

CVE-2021-3703 [HIGH] CVE-2021-3703: It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentio It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.