CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.

**Impact**

Due to improper error handling an authenticated user can crash CLA assistant instance.  
This could impact the availability of the application.

**Patches**

The issue has been fixed in this version v2.13.0

**Workarounds**

If you can’t apply the patch, you can temporary disable Node.js default behavior to exit on unhandled rejections using the --unhandled-rejections=warn Node.js CLI option or NODE_OPTIONS="--unhandled-rejections=warn" environment variable.

**Impact on cla-assistant.io**

The hosted offering on cla-assistant.io performs an automatic restart on error and thus was not impacted.

**Credits**

A very big thanks to Teo Klestrup Röijezon (teo.roijezon@stackable.de) for responsibly disclosing this bug to us.

Headline

CVE-2022-29617

CVE: Latest News