Migration Toolkit for Applications 6.0.1 Images
Security Fix(es) from Bugzilla:
loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)
Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)
glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
express: “qs” prototype poisoning causes the hang of the node process (CVE-2022-24999)
loader-utils: Regular expression denial of service (CVE-2022-37603)
golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.