regen from script

nickboldt · nickboldt · commit 716b291d2347 · 2024-11-15T20:24:35.000-04:00
Signed-off-by: Nick Boldt &lt;nboldt@redhat.com&gt;
diff --git a/modules/release-notes/snip-fixed-security-issues-in-product-1.2.5.adoc b/modules/release-notes/snip-fixed-security-issues-in-product-1.2.5.adoc
@@ -3,11 +3,28 @@
 link:https://access.redhat.com/security/cve/CVE-2024-21529[CVE-2024-21529]::
 A flaw was found in the dset package. Affected versions of this package are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.
 
+link:https://access.redhat.com/security/cve/CVE-2024-21536[CVE-2024-21536]::
+A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.
+
+link:https://access.redhat.com/security/cve/CVE-2024-21538[CVE-2024-21538]::
+
 link:https://access.redhat.com/security/cve/CVE-2024-24791[CVE-2024-24791]::
 A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.
 
+link:https://access.redhat.com/security/cve/CVE-2024-37890[CVE-2024-37890]::
+A flaw was found in the Node.js WebSocket library (ws). A request with several headers exceeding the 'server.maxHeadersCount' threshold could be used to crash a ws server, leading to a denial of service.
+
 link:https://access.redhat.com/security/cve/CVE-2024-39249[CVE-2024-39249]::
 A flaw was found in the async Node.js package. A Regular expression Denial of Service (ReDoS) attack can potentially be triggered via the autoinject function while parsing specially crafted input.
 
+link:https://access.redhat.com/security/cve/CVE-2024-43799[CVE-2024-43799]::
+A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.
+
+link:https://access.redhat.com/security/cve/CVE-2024-43800[CVE-2024-43800]::
+A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().
+
+link:https://access.redhat.com/security/cve/CVE-2024-45590[CVE-2024-45590]::
+A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
+
 link:https://access.redhat.com/security/cve/CVE-2024-48949[CVE-2024-48949]::
 A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order.
diff --git a/modules/release-notes/snip-fixed-security-issues-in-rpm-1.2.5.adoc b/modules/release-notes/snip-fixed-security-issues-in-rpm-1.2.5.adoc
@@ -10,7 +10,7 @@ link:https://access.redhat.com/security/cve/CVE-2024-37370[CVE-2024-37370]::
 A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.
 
 link:https://access.redhat.com/security/cve/CVE-2024-37371[CVE-2024-37371]::
-A vulnerability was found in Kerberos. This flaw is due to an issue with message token handling.
+A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.
 
 link:https://access.redhat.com/security/cve/CVE-2024-39331[CVE-2024-39331]::
 A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments.
