OCPBUGS-89690:[release-4.14] form-data: Form field override via CRLF injection#16758
OCPBUGS-89690:[release-4.14] form-data: Form field override via CRLF injection#16758Pranavgarud06 wants to merge 1 commit into
Conversation
Pranavgarud06
commented
Jul 14, 2026
- Fixes CVE-2026-12143 (CRLF injection in form-data via unescaped multipart field names/filenames)
- Adds yarn resolutions to upgrade form-data to patched versions (2.5.6 and 4.0.6)
- All affected instances are dev/test dependencies (@cypress/request, gitlab, request)
|
Pipeline controller notification For optional jobs, comment This repository is configured in: LGTM mode |
|
@Pranavgarud06: This pull request references Jira Issue OCPBUGS-89690, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Pranavgarud06 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Caution Review failedAn error occurred during the review process. Please try again later. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@Pranavgarud06: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |