CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

**rgw:rgw crash when putting object tagging and post object with malformedXML**

Added by lei cao over 3 years ago. Updated over 3 years ago.

**Description**

When I call put object tagging or post object with tagging interface, I passed in the wrong XML parameter name, such as lowercase "tagging", this makes rgw process died.

**History**

**#7 Updated by Abhishek Lekshmanan over 3 years ago**

*   **Status** changed from _In Progress_ to _Resolved_

Fixed in mimic v13.2.10, since luminous is EOL and nautilus+ are unaffected, closing

Also available in: Atom PDF

Headline

CVE-2020-12059: Bug #44967: rgw:rgw crash when putting object tagging and post object with malformedXML - rgw

CVE: Latest News