Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-34156 (GCVE-0-2024-34156)
Vulnerability from cvelistv5 – Published: 2024-09-06 20:42 – Updated: 2024-09-26 15:03- CWE-674 - Uncontrolled Recursion
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | encoding/gob |
Affected:
0 , < 1.22.7
(semver)
Affected: 1.23.0-0 , < 1.23.1 (semver) |
|
| go_standard_library | encoding\/gob |
Affected:
0 , < 1.22.7
(semver)
Affected: 1.23.0-0 , < 1.23.1 (semver) cpe:2.3:a:go_standard_library:encoding\/gob:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:go_standard_library:encoding\\/gob:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "encoding\\/gob",
"vendor": "go_standard_library",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.23.1",
"status": "affected",
"version": "1.23.0-0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T14:04:16.338747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T14:29:46.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-26T15:03:08.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240926-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "encoding/gob",
"product": "encoding/gob",
"programRoutines": [
{
"name": "Decoder.decIgnoreOpFor"
},
{
"name": "Decoder.Decode"
},
{
"name": "Decoder.DecodeValue"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.22.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.23.1",
"status": "affected",
"version": "1.23.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:42:42.661Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/611239"
},
{
"url": "https://go.dev/issue/69139"
},
{
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"title": "Stack exhaustion in Decoder.Decode in encoding/gob"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2024-34156",
"datePublished": "2024-09-06T20:42:42.661Z",
"dateReserved": "2024-05-01T18:45:34.846Z",
"dateUpdated": "2024-09-26T15:03:08.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-34156",
"date": "2026-07-01",
"epss": "0.01127",
"percentile": "0.62348"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.\"}, {\"lang\": \"es\", \"value\": \"Llamar a Decoder.Decode en un mensaje que contiene estructuras profundamente anidadas puede provocar un p\\u00e1nico debido al agotamiento de la pila. Esta es una continuaci\\u00f3n de CVE-2022-30635.\"}]",
"id": "CVE-2024-34156",
"lastModified": "2024-11-21T09:18:12.853",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-09-06T21:15:12.020",
"references": "[{\"url\": \"https://go.dev/cl/611239\", \"source\": \"security@golang.org\"}, {\"url\": \"https://go.dev/issue/69139\", \"source\": \"security@golang.org\"}, {\"url\": \"https://groups.google.com/g/golang-dev/c/S9POB9NCTdk\", \"source\": \"security@golang.org\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-3106\", \"source\": \"security@golang.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240926-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-34156\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2024-09-06T21:15:12.020\",\"lastModified\":\"2026-06-17T07:33:00.720\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.\"},{\"lang\":\"es\",\"value\":\"Llamar a Decoder.Decode en un mensaje que contiene estructuras profundamente anidadas puede provocar un p\u00e1nico debido al agotamiento de la pila. Esta es una continuaci\u00f3n de CVE-2022-30635.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"encoding/gob\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"encoding/gob\",\"programRoutines\":[{\"name\":\"Decoder.decIgnoreOpFor\"},{\"name\":\"Decoder.Decode\"},{\"name\":\"Decoder.DecodeValue\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.22.7\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.23.0-0\",\"lessThan\":\"1.23.1\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"go_standard_library\",\"product\":\"encoding\\\\/gob\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:go_standard_library:encoding\\\\/gob:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.22.7\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.23.0-0\",\"lessThan\":\"1.23.1\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-09-09T14:04:16.338747Z\",\"id\":\"CVE-2024-34156\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"references\":[{\"url\":\"https://go.dev/cl/611239\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/69139\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-dev/c/S9POB9NCTdk\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2024-3106\",\"source\":\"security@golang.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240926-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20240926-0004/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-26T15:03:08.203Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34156\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-09T14:04:16.338747Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:go_standard_library:encoding\\\\/gob:*:*:*:*:*:*:*:*\"], \"vendor\": \"go_standard_library\", \"product\": \"encoding\\\\/gob\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.22.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.23.0-0\", \"lessThan\": \"1.23.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-09T14:06:46.233Z\"}}], \"cna\": {\"title\": \"Stack exhaustion in Decoder.Decode in encoding/gob\", \"credits\": [{\"lang\": \"en\", \"value\": \"Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"encoding/gob\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.22.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.23.0-0\", \"lessThan\": \"1.23.1\", \"versionType\": \"semver\"}], \"packageName\": \"encoding/gob\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Decoder.decIgnoreOpFor\"}, {\"name\": \"Decoder.Decode\"}, {\"name\": \"Decoder.DecodeValue\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/611239\"}, {\"url\": \"https://go.dev/issue/69139\"}, {\"url\": \"https://groups.google.com/g/golang-dev/c/S9POB9NCTdk\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-3106\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-674: Uncontrolled Recursion\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2024-09-06T20:42:42.661Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-34156\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-26T15:03:08.203Z\", \"dateReserved\": \"2024-05-01T18:45:34.846Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2024-09-06T20:42:42.661Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2026:1730
Vulnerability from csaf_redhat - Published: 2026-02-02 15:52 - Updated: 2026-07-01 14:48A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
Workaround
|
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.13 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.13",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1730",
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1730.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.13",
"tracking": {
"current_release_date": "2026-07-01T14:48:09+00:00",
"generator": {
"date": "2026-07-01T14:48:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:1730",
"initial_release_date": "2026-02-02T15:52:56+00:00",
"revision_history": [
{
"date": "2026-02-02T15:52:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-02T15:52:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:48:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Ad6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769802588"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aedc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810760"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Acc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Acd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Af2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769855900"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Aed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769466677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ae8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769810112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Aa1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769812327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769811895"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769718571"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769000026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1769852013"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-02T15:52:56+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:056dc564e4f8ee5ee816c008b962ca6e2de3b3e86c60fd2805654b6054948caa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:24eeadd822f6f30c5e587e9d3eba06f1856a2c2e9f47daf4bad706146f50382a_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:338cd06dcc742eb7f37b3ca02ff6c5902630e1466ce3dc6b73b49c1b2b8562fa_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:92e8d6d910fa92fb05e4e0a8046b03090643509fe2a67f8efc8e1bb2b93aba10_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:edc72269317914b4612ffe859a558a886b5a244d99c016896b126f1dd35fb299_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:11c27678e7d181621669548757d07cc9ed5be4e55043d4676fd4a2fb41433498_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1f9c64d9e2b9c6c1ae2fc5d00c83498a9bb8db3a0cf5fd3545a49cce65a998ef_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cc4a64957a3e97ee564e895c50d451dd0cd472ea635a258db2ea3a0bac83e242_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e8980b92b3c6c5fe6cb076121faba33f0c70bb980e349172c0d3732c52ab8c09_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:47e327e54e2dfd7b990a196e8864262ff2ce94e760caa96a163f44fb51119f18_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a1f93c08e02b3b2651f50bcdb8297a66a4f8a5221284f30c9a3a65a14784c824_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:cd984016e01cde762b5958b8e7f8ea9f17828348104f074424a3ed14604a2544_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:ed9b563d9a2133239537b37954bbba96ba6e17f9f64d899cfd51688b9bed040a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3b19f8efe886a379fcad216b583de6c962a231159020f363323d531c330350de_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:53c55f81a10b84f6c7756a98c30f6c018736d8691440408ded75a9d60d20abd7_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:907981736598e7544bebfc8d174fea92cc9a7769d649cbe8ce3cc296e6953856_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:f2f9b7f06fe1847d49a1d94069e1052b021f2169fb036f2b886f2f70859914de_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:d6728285a5552f62e96c93eb5b0eba181582890c4fce1a0b56758d2b3c4bbdcd_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:39a26364fc2794512c6862fd0333df158d8301ca82eabf53959561fc39fbbe0f_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:412a23db39debcda082d6d85807a7983aa474e3eea8f6780c619d0b371af16ae_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5e8ae98348f50d6a50ff31a3b099afb84109ea0892b9408d16f6f32b0b657048_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:63e2f0159c3521ea5d908f331979836af72c32f18104bcf915feab123e294dd1_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:6e048b97ef55a2ad081250608152c08613075713d9b10d7558becfb19ded8e45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:19951763d79334b5e566c8d9b5acf9524268d1e5864a574632363cf540678184_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:86224e8f5d9f5ede57e90166cde9802c1ef956737b711935b9269b387ea5b68b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f2c4a003335692f84e68cb660d61581a68c89607ec92fca9ca08a7e98efc8c63_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5050789c44ce9c4de52aa34acf375efe97708a313280e395e34a6d306e5d1e0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:117876c6c6a12beb25983da60c8c1628f350a1797888b9f03c44b9dd737844fa_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e82aac09336b0a36d5bc896826891ec41714ea1e05aac345a49abc4915b255ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:f58b0c52270707e15747b431520150641019c9b215e864c8dfe8dec1f6e94caf_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
}
]
}
RHSA-2026:1942
Vulnerability from csaf_redhat - Published: 2026-02-04 15:43 - Updated: 2026-07-01 17:14A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.15.3 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.15.3",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1942",
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59420",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1942.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.15.3",
"tracking": {
"current_release_date": "2026-07-01T17:14:02+00:00",
"generator": {
"date": "2026-07-01T17:14:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:1942",
"initial_release_date": "2026-02-04T15:43:51+00:00",
"revision_history": [
{
"date": "2026-02-04T15:43:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-04T15:44:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T17:14:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.15",
"product": {
"name": "Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770135404"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134320"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770135436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ab33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770146612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ae657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770146190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ac0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134397"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770149618"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aa8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770146565"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134320"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770146190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Afb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134397"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770146565"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134320"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770146190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134397"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770134436"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770146565"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: \u0027stream\u0027.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-59420",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T18:01:35.379361+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397460"
}
],
"notes": [
{
"category": "description",
"text": "Authlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib RFC violation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "RHBZ#2397460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df",
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
}
],
"release_date": "2025-09-22T17:28:53.869000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib RFC violation"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:59059b547d81061afa5296c9108100ad0a3b38204c369518079547f53f9fde39_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:c0c2597d756a64d1c337e4b1363237c0d0f0d51a3a4a7e66869d9de8fc107f5c_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:fb914c779ffbacc700738d66a879265eb16f00b93992df9110098fad1260c3ad_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:547045f7298b7f61aadb4078a7f98f09de79ea9a96d15334fb3dced867363799_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:08d2fa1fec592fa0e8adf5f32ea89bfcfef66b9d62fb16c059e0dfa7e30a67cf_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6549757fb3ab0a938995dee5a585ebea1b993b7a7acec3967814bc4edfe88dc9_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f57d155305428d13516b9952c61a2c0161dca997f6d68f1fb07ed974c5b24e93_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b33074468241b49cd55e104ace159501e5a9c85915e98db7d76414cacc0f9133_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:6cb7b946dc37ba1e17390da5d787cfd13df6060ea0ccf3aef848167069b5771d_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:71bb6e12ef5476df69c02f38d332ff93edec5652c70168250509afa366d35709_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:e657fb1bc3ac18d81475cec98ff2ebaf18c430f580706f8193ccf43cfcba9b32_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:1b029e5ea06245afa565ba026f0aa47e561b2c6d369f466ec445a16f6dbe0c23_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:313b6e898b506c035dbbe58d8b6ef295f4026e9f204983eb72e9e3a63bcefdf0_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6b206358b8b431d0e40ad8cfec4deb98eb65ce154a2975605a7afaaace1ad007_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8b26439b146800cd82f1a83e0d663bbc39cc7fbfc6ed6ce5be8ae0f63abc254a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:197ae6472f0a4fcb33363ed461ea9f465eeff043d88c9d2e27f419f3e68a1a7d_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:50859e911d5bba00742d36bccad895d8951a61cb6d94eccc02c68a6bf760e93c_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:6143158e553f1f0284ec0b41932a03e8aa0c276b54f5bdf9f6bc9c7104215801_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e51928f87c59cf9226f0debfc91d09683a94a829af498b917d6687fc67f7a916_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:7bfb851938e312f47598891ba9f0d7b17e6657090e0204d37d5676313b33f134_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:a8daa359ab7a0bc9722b25fb87aa6fd253506632640bfe7f31c9c92868421ecb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:2164
Vulnerability from csaf_redhat - Published: 2026-02-05 17:49 - Updated: 2026-07-01 14:48A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64 | — |
Workaround
|
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64 | — |
Workaround
|
A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64 | — |
Workaround
|
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64 | — |
Workaround
|
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Data Foundation 4.16 security, enhancement \u0026 bug fix update",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation 4.16 security, enhancement \u0026 bug fix update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2164",
"url": "https://access.redhat.com/errata/RHSA-2026:2164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34155",
"url": "https://access.redhat.com/security/cve/CVE-2024-34155"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34158",
"url": "https://access.redhat.com/security/cve/CVE-2024-34158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-30204",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2164.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16 security, enhancement \u0026 bug fix update",
"tracking": {
"current_release_date": "2026-07-01T14:48:28+00:00",
"generator": {
"date": "2026-07-01T14:48:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:2164",
"initial_release_date": "2026-02-05T17:49:21+00:00",
"revision_history": [
{
"date": "2026-02-05T17:49:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T17:49:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:48:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Openshift Data Foundation 4.16",
"product": {
"name": "Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Openshift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3Ab4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769716926"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Aa4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256%3Ad0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719543"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697862"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510077"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256%3A425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719475"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697472"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256%3Ad6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719406"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3Ae538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769720356"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510286"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Aae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3Ae422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719402"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509581"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769720169"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Aa527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256%3A694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769721945"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"product_id": "registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256%3A68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769722065"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"product_id": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-prometheus-operator-bundle@sha256%3A67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"product_id": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256%3A3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719408"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"product_id": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256%3A4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719421"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509748"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"product_id": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-recipe-operator-bundle@sha256%3A2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719482"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Aff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769698118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-operator-bundle@sha256%3A917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769719549"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769716926"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3Acdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697862"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510077"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697472"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Ab512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3Aac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769720356"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510286"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509581"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3Ae7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769720169"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Acc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509748"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Af2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769698118"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769716926"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697862"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510077"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697472"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769720356"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510286"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509581"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769720169"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Adef7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Ad43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509748"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769698118"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Acde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510077"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Ac382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697597"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509572"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509581"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769697757"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769510518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509589"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769509748"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64 as a component of Red Hat Openshift Data Foundation 4.16",
"product_id": "Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34155",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:06.929766+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310527"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34155"
},
{
"category": "external",
"summary": "RHBZ#2310527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155"
},
{
"category": "external",
"summary": "https://go.dev/cl/611238",
"url": "https://go.dev/cl/611238"
},
{
"category": "external",
"summary": "https://go.dev/issue/69138",
"url": "https://go.dev/issue/69138"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3105",
"url": "https://pkg.go.dev/vuln/GO-2024-3105"
}
],
"release_date": "2024-09-06T21:15:11.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T17:49:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion"
},
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T17:49:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-34158",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2024-09-06T21:20:12.126400+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310529"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34158"
},
{
"category": "external",
"summary": "RHBZ#2310529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158"
},
{
"category": "external",
"summary": "https://go.dev/cl/611240",
"url": "https://go.dev/cl/611240"
},
{
"category": "external",
"summary": "https://go.dev/issue/69141",
"url": "https://go.dev/issue/69141"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3107",
"url": "https://pkg.go.dev/vuln/GO-2024-3107"
}
],
"release_date": "2024-09-06T21:15:12.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T17:49:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2164"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T17:49:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2164"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T17:49:21+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2164"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:47a959cc6f8fdc22c33f3220bf2f46afc36f2f4550c0be5a8d494507f575d251_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6b79a6a9dd9d44b0af2be6e721c88f48ebf4fc9add4ca5dba0424081ee0305ec_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b4017a3f3a28295f04479240eb2f676d89a0215573bcf53233a8a917b7797e7e_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:3fa0370b77d5f5b75b29303c25b8a02ed98e022d201b960ae7f76a1f5fbeec5e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:471cf5dcd91d7ffba22cde9e9c854d44542af7c5f173f8ab7cb93c23d27707eb_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-core-rhel9@sha256:5941c2a273c644aafa0953cdb610d6ec000e422123e526e35b6ccab83048e2e6_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-operator-bundle@sha256:d0bb70f8364603ec6372c5beec42d2672f186f1055d021bd9c9bb515d1b5ac31_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:43fcf6959cc6cccde070ed4cf70c0877bf0af747e7c1fa92314d796f31cc01c9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:699cd274ecfa260ebdafad844e9ea0f920da7a041fdb3bd2ec984314ca63ca6e_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:a4b56f6fd5aaa352ea5378174a89af53270d3634fe599add99750b1682e31b1b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:cde511cc866cbdbead632cc65796294668a108b042383a2c82e9a8a37b577ce5_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:50ff6b8bccb25519aba55a1ba926a543a924130ea9506c682ccfdf685e81844e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5a4ee1bf283b2854e80035faadd4c2358aa3420b4da2f6131de81309278fbff6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:cdeaad64315c5abd31e06f163391b4aa8d4612dd62b7e50b6e2a679772e4b3ea_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:425baee910efcc5ac66860165d01ab030f3726d240d38d1c90efa33100cee6b5_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:047dc620cbf080a440fa5d5899dae1ee78f42f00b57994e23601eaa68e5c8a03_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3affde9b505e083508f395c88c1921838e384b402962695af718fca8e01ec8ce_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:6c5c24606f4fab8d78ef7fcb2d2c0f390a06b85ae23fb7b8c87c9ca3fe2ce67f_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:9c112a4dd9739bbc45eab8a1622fba5f611d0b466afa41cad5f09702a672819a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4ca85db5f95eaa2176777a354f03e65da5caacf4877d6b281a1c4d0bb8e82257_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5b4892c4f8dee8eba8c56d42e327ad514852422443f9fffd320738abf0f4bcc9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:96dccfdcdf8f1e57e7017f16dbdb4d2e7f22c9c7a3529c1920b0c1c58ccf688d_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-operator-bundle@sha256:d6fc4c01530f5f43801094608cb675fda826dcc934b139f8bd740512908caf5f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:229abfc417053621b89b2cf37daab14eb981cb7f881fae63e90bf3af6c0f2d49_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:491b584dd6612f599b86288f6977677d961a86ddc47a62bdc028865caa2c6533_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b512157c94826d9ec1ca9e814cded99835cd984350ba6efe423cf70d1f7700d9_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c382cd1d77428f4e177a45d3d5c996b2474eb1daea17218c2529a6d7d77fb7c7_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1658d343c771afb08401d90436ea38f0b965655326b81deba2facfebd7f436d9_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:227110cf83abc62e8bf9d1edbffab292b4f3cc6e08bf94bfad0f73cdb42494a3_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5d4041eafb1143ec1c19a02f11737b1e60e40559dfe1a59be05d5075d8179571_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cli-rhel9@sha256:ac92cd35c9af846fcb7021a0ed5ada4676f96861775a10cabd9d1f7c24011cd1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:49ef00a91520b85d8e02ee3c5f787d02c3ffff3f7a630f21e363671b9657cb1c_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:7e9277018d8c44b134d405aee6a531b7685d95085ca7bf308aaa886810c30adc_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-console-rhel9@sha256:e538623b8c15cbd969ee6b4cb61b18f34b8e000b70979541161d113356e23f68_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:190732ec87bd61cfee694d5d42718d1ed04eea5b3ddea93c281cf573a34508d2_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2be91cdbf1b0bdd5912299b4ce157b942813442ff1db29ca3d945d6ca18d57a5_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:4ebd79599fe01e1787e9467a45429bb86279664c9da5b2dc2b1452dea31d8248_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:e422f88e2fa90425a598f45e548e9bb3e8d8df91826c36e98b5109e26bcc87ce_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:38f01e9230de592ab90f88ab5a9c20fd737614e5c609fcbc6bf7b6f8d7a10eb3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:84d39031cb93af89a51d8e96fb04a008a9ca1500fb9d79f50b5953f242bfeabc_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ae9e54fecc6763614c5479b48e805d7437ef89990a87f544f913cfbe812c353b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b938ceedcf36c0ca11ff714e2a19279fb475d95a058fe484c462c4b0458783c3_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:2b85bfdb796d8dd747d83290ded528567f05b3eda3266ad4d9ee3da20086ec8c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5419b0ce47117c2750fced66a9b60508e52e7242277d3cc151d78df9212f5e8b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:7490cd67ad8376dc4e5722c7d44d29d3b1c05f1f05aecd71176f47e7cf60764f_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:9b0921fe95dbf5101d662fea188a2b5b3aabb83513f92167fed5befbc7dd4222_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:38afcab2951e27bc6f887697eeb14b19b230db88e2287ad484b4693b810caa5e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:757eb0d28b1e1121eb338dd10eb6de594787bb361509ce2d796f3b83e19fc306_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:e7f260f7615562fd988ef88433a7090c59afe940c4c22a1678629345095a7fb1_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:694f9af90559e9d52b362b53287f96914742af046604e7309b3756ab52ce83c6_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:355b62bf730acc1d9d6bd5ea428ce6f75e781649601685263711f09c18487362_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:8da13d298c611124a3e50cce84646c913447f2352e6fae86b67eff53f57dad97_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:a527e15ff4cb8695c40302c985d13f337a4458650ca0e3052f4d96fbbfd4f5fd_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:cc5e5b355904d800f6ae1db9d4c25ff0668783feddab0c9cd3376784d97e9dc3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:142a5eb52b0e91391409a9a0a2fdd74fcd5f08f686cfdb5f9ffc7d8492846ad4_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:3f0845bf18614833ad2e5f1d5d50c7647519be2d5a5585b9e816c0dfbcb44df7_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:6fb437aaacc89900a069271cc9e36c500d8f7f0c1277d07efa52f048e7c152b2_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:def7d91bddd8cc03f5c99f178c2e05e2cb79a022d494b68a7cdc6297273de93e_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-operator-bundle@sha256:68557c66e50d4a4d77a4eb98748c3e2b390ec7935f34098fce7d171973a0c366_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:67964c4164ce15b826dfbe35d0974465b16dec5e32977a0b6aade931376b263b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:150934ee4db47f6d25b173d87f23a939fcaa16c6e4dad7f3a0ed4d62fbd8e63b_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:25f67bcd1a378e1551224f1222e1f866c65a4276b1c393757fc86b560a21fb63_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4afb5a78507065ce2e595aa386fb9a788ac542baf24d290f74160daecf79a9ad_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odf-rhel9-operator@sha256:92c74c2813019bb65a1f89bf4031f0ff0c8ec3cf1636e8350ff428c294661f9b_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:3e8410170cb3d446ffffff39a14a4edb73df2a669148186f9eba7d3d8e537993_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:4ad30ed5d799b6f8ed0c12b37bc56d2ccd4c502f518ce72e6e560db560128660_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:2332d671e5866e3fcb7c1590c55a876c1626e0983d8e72eb3233122f80ed201a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:0a1e2f8bbb79caac3948173c68fa22908cf3a7630266dbf5157a727c6c7b2aaa_arm64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:22efbfa72f33cd99b4afc04e8ee40320b27632886d14e5a7e8ed8db976ebcbd3_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:50e74ec89bccf30b13917883e02bfed0ce79bb5d9f4328b59ead1b78fe97602d_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d43f31ad5b1b125ec931ba2d2e143b5485655b072026a1bc62abcaf9ae060829_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:917798d2797ef17e01e67d35536ba4b2f5901e762329d8edc64aff102db7e00a_amd64",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4edadab11b1487c161d47f66b803413855031855d21bf62f6c252c464513d7ca_s390x",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f2517731597f868b0bf27c51eecbc03a40a3eb3554f6327fa2feda72949a3c0c_ppc64le",
"Red Hat Openshift Data Foundation 4.16:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:ff89732d58e69aa5ad92882f21a45d416878a8c1fa95518bcc51d01100d8340d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
RHSA-2026:2172
Vulnerability from csaf_redhat - Published: 2026-02-05 18:06 - Updated: 2026-07-01 14:48A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64 | — |
Workaround
|
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64 | — |
Workaround
|
A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64 | — |
Workaround
|
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64 | — |
Workaround
|
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Data Foundation 4.15 security, enhancement \u0026 bug fix update",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation 4.15 security, enhancement \u0026 bug fix update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2172",
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34155",
"url": "https://access.redhat.com/security/cve/CVE-2024-34155"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34158",
"url": "https://access.redhat.com/security/cve/CVE-2024-34158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-30204",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2172.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.15 security, enhancement \u0026 bug fix update",
"tracking": {
"current_release_date": "2026-07-01T14:48:34+00:00",
"generator": {
"date": "2026-07-01T14:48:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:2172",
"initial_release_date": "2026-02-05T18:06:29+00:00",
"revision_history": [
{
"date": "2026-02-05T18:06:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T18:06:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:48:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Openshift Data Foundation 4.15",
"product": {
"name": "Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Openshift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749530"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749709"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Ad461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749787"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Ac6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749974"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3Adeb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769748990"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749098"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3Aafff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757908"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749142"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Ac92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749212"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749305"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757921"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749261"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749278"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3Afa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749419"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749530"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3Ac46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749709"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749787"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Aeb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749098"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749142"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Acf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749212"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749305"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749261"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Ae027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749278"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749419"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749709"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"product_id": "registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256%3A452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769763514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"product_id": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256%3A049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769763491"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"product_id": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256%3Abb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769763496"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749787"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Ae7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749974"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3Accebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769748990"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749098"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256%3Ab2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769763472"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757908"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3Ae76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749142"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256%3A50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769763563"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Afa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Ab7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749212"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256%3Aa4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769763478"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749305"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757921"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749261"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3Abdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769763485"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749278"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749419"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256%3Ad62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769763505"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749530"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3Aea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749709"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Acb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749787"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Ada9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749974"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769748990"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Aaf18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749098"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757908"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749142"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Aabbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Ae6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749212"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749305"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3Ab77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757921"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749261"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749278"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769757671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749419"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1769749530"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64 as a component of Red Hat Openshift Data Foundation 4.15",
"product_id": "Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34155",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:06.929766+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310527"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34155"
},
{
"category": "external",
"summary": "RHBZ#2310527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155"
},
{
"category": "external",
"summary": "https://go.dev/cl/611238",
"url": "https://go.dev/cl/611238"
},
{
"category": "external",
"summary": "https://go.dev/issue/69138",
"url": "https://go.dev/issue/69138"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3105",
"url": "https://pkg.go.dev/vuln/GO-2024-3105"
}
],
"release_date": "2024-09-06T21:15:11.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T18:06:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.15/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion"
},
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T18:06:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.15/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-34158",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2024-09-06T21:20:12.126400+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310529"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34158"
},
{
"category": "external",
"summary": "RHBZ#2310529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158"
},
{
"category": "external",
"summary": "https://go.dev/cl/611240",
"url": "https://go.dev/cl/611240"
},
{
"category": "external",
"summary": "https://go.dev/issue/69141",
"url": "https://go.dev/issue/69141"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3107",
"url": "https://pkg.go.dev/vuln/GO-2024-3107"
}
],
"release_date": "2024-09-06T21:15:12.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T18:06:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.15/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T18:06:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.15/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T18:06:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.15/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2172"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1972346c4c373904610f1c6653003b2d5201447739afb371940c697fa36f06db_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:39c77257153806350a7141d3b1abd312f9300b7eaa2b604b8ece1a02893fb10e_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/cephcsi-rhel9@sha256:ccebdd77596e7390b18108eae3ae9058ee2ad9743e80f3f35bc30eb7d0b7c794_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:108c7b2b69d2018bb6c9e6741fceee0bfbe603fc0062cd1290eabcbe56d085af_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:56c56fa6ca1d34189229bb405f4449479e8565a4ee50b8b88978ed17bb33fa84_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-core-rhel9@sha256:deb5138606d04414b03a42c3752a637ff7598e852a2f42e9c5c4740edb25d524_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-operator-bundle@sha256:b2e9d42d1ebfb6f36434b95adf4210de1fda441e9987197661d095757213910f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:5cf39834213b82b4c9f2100c1dd602887eb1806bb2323e89a65cce94a64cc167_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6e968ba345dd668e31596d07a3d8496d7e7f21ae96d3e4c3e3ee36b7386301cb_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:af18b37211070442ea2c07caf7e64a198a6163f57a28315ad760a55a272d825a_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:eb8c830a7e190d1ca765afdf7c0e0838e4ac1fbea4a02eef94e88d276c663f4f_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:6f8305a751c87f0976c3ee9317716c3a3fa716740a0c208dfb528a4c05a4b8a9_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:810112ddddf7bf755ed6a1da63bed32ebb87a7efee646a4a1eaaf4f64dbad440_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:afff7ada1847281a3d4fade353eb5a2474adc0c8c5eddbdf9ad82b28ff911221_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:50e55abfdd65bbbf5b297bd91fe217a3d50339ba6ca4a0bfa7f8c51557ca538c_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3c5c8e0d264c704b16402064cdb9c9427f30b08ea91be79b0268463ef8293a58_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3ff7f03128deb4dd8164b1e860e368bf0f60581c591b2854d8d0cf22f820c1db_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:7617f9c2f6c8ee73fb21f9d39aa5efc0461ed932d906b4b1b51b14cc6e330501_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:e76942cdd3a6cbe5ae0c3f463800b56709d1e43f6070b97eb1fd739c74940a71_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:4236b31472e08f1e195bcf52c839a6ae130c3670fe0ea5ae0d69082d549fb64e_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:abbe0da7973e33836025748fe53d71cd12193fc8282778c3c9538c1fdc8ce807_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:fa4ddc9392fa793f52d2f41b7008ac31cd5049da4f9dffb314de329474a8c1e2_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-operator-bundle@sha256:a4a7621b63773e7bd37c2e9025d29ea2473b0af17cd2eda78c501096b5766b90_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b7f25e354fe18538de0384ebb3c8023437eb710096df8fe1b38f856ea217895a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c92630bb0f3df1da5987631f07e6f584d51495017fe3a3d033a0a2c4bf4a0bb1_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:cf2b4e3c1d9ad247ecdd80536966263c0a679220769692ecfa0d026a03b16988_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:e6efcbef4669e3923e7e871b020258a77f7a4f2ffb981a51e71eb5d4471052cd_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1d50736c62fe89c39e91aec36259862562b5642a32183b93982b214f9e1466f5_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:32b7ec47d6de8528a875b6a3bb703394bd8a2cee11f1263cbd85e5a6da88576a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:5f7a6746a98a78d43137a514d9db1fac6275ae089ea74499a2581cc2bb6fe9ee_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cli-rhel9@sha256:615a15a81f12719bd01574d900167e5db34ddd044679c6c165b9e0b06349ddf2_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:025680e0a38837852b8d8c3fe62e0539ef424a282b9fdfa3436b33aeff4d839e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:57035948df4c4f5315a60ff57042f11f564ec195d8517188cfa4ee7ef767e871_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-console-rhel9@sha256:b77b376c960b038e989141d5564d06a661c730f58ec7879c5475bcb6bbe5c47b_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:16078bbda1255d54dfee917cec0309125c953380944aec89475b41b917e127a7_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:75c08058594e2a1b3cdf60e4abe85a8607e4c86152c523e6be52ee61972c2744_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:9e36bfe7de0e05bdc497052b801dd40212cecc9b6af78f9ddfa9e0f38db88703_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bdb177c25cbb41b0c67e8eca925e7c870d863f7acdd9f31cb955d7a68e1c17d6_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:4d6fcd9c5d5ec84ce24c9ab57911ef671596a145890c3776cbb048a3d9e6ebd5_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:87868923b9c21b027d4e90bd262d164e5178040299608ba92125d2417618b504_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8b3929a262eca5abb6270477b58b2e645c6d537112afbcc4068a2301208558f0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b01044e7a31cc060af458ba40e91c67fcebd13aac0e97553f89df71bf387f106_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:24ef032d4a7170542fee33772f9f34cc71ae500834073e83483b53a4ee98c3a9_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c6c11acccb35d0218630a642cb594e7ad98e3ec7e1548e58a5c7531d2c90cb2_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:6db580b50dd9e64f5d221e87a74062783459921a1d8c57f69bb7aa7b8ab2621a_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e027b3d35f60e4a0adc610e26cabb33ac2229431a72a2d26e24b4049d20699be_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:340263ebbffe8a45d40ace68792b8b52012806481b9f8c312605c84d44b2a3ab_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:61f166f8b861d8efc1df0443ccbb1ae25801424187d3b8da3af1c44cf37caf9f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:fa4d338734a117b0c4ed5d55a88335eb939bb0a997f8d743dc26458b53facbee_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d62da1538cdcd7534e70b192c33eeec65459ff926e52c0d394a555f44f9ba980_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:2c246833581e1af200bf67976557c122903283982c62930f1d6f1bd3034879b8_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:42a33efe4a21e40da1acbab3f9fc6c7d55e8f63f0986fc7ca51a380c614cc568_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:69d1cde37bbb68833b884ee8d2a7a3cf2708429465e4a8da5c512d87621ffb69_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9614f2bd3734432fff8e4361709dd52a282c38cff2ed045cd24b6a2dcdd4b9ba_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:080bebcaa4604488d093d35e4abb28bbfef0fd55e840c5ee0b4ca75941d6c937_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:268840c91a908d56f2432f81edd8c89359fd4656d96ab65bbe3218fb827302a0_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2d3c6b8a628fed8dc76f408c06dc9e3aaa0b419723ebf9d126ed553e69cec293_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5a5de2b1043ded13b9db1a5d1102d26509c02ad026b9970d2fe50081fbff1ef3_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-operator-bundle@sha256:452913d1d8794f3e544eb0a628c6dd4c370397068f7e80d2ee60204595b17adc_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:2fa91ebcd4d0c0eec8017db14302fa0cef3d3538e296d6e8c5e0c2a5364f085f_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:74851ac26cee1974f88dade72534ac714c82bbc8e7edcc91f9036ae98efa7a0c_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c46654a474ee6733fe6885131789f7e93633f13eb281a1d38ff263ee04ad4185_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ea8d75c5287baa9542620df7f401eea4d33bdf32bb6eaf87c969214342938bda_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:049295b3806d0af02068ec08f418940f6cecefa9552b69e1d864495b6762491e_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:bb2de6047a196b52893da6b265adf5bdf1ed4673d625bace5acb239cb70362c4_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:537ed7d81e3e02fa53eb3778cb0fb5b066630ca476abd19aeb9c9c8f176071df_arm64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:9ffa0c4785024828bd0668fe1ba8aee951dda8638d8ff1e849927658c103ed51_amd64",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:cb496801094953e862752507de44b7456b1af75aa666e7d6ce8b4bc4f73e7f3d_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/odr-rhel9-operator@sha256:d461d85b2d05f1e87fc546ed2b38c3d52a54aec3f5f5a575df795975023cdbe7_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:c6ff6a38b99417b622112f01fb5b0ac70d317de402dc18c43cedfb8e628814f4_s390x",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:da9b52e519cb35cb1d8a810da73ac8e653c5cbefb0d9aa3ae5ab2cb83978504c_ppc64le",
"Red Hat Openshift Data Foundation 4.15:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:e7537515d29ea7d3bdac4be7904cd7d5f94dc0784456d55d010110f9bc082ea0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
RHSA-2026:2681
Vulnerability from csaf_redhat - Published: 2026-02-12 17:29 - Updated: 2026-07-01 17:14A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.16.2 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.16.2",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2681",
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-31133",
"url": "https://access.redhat.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2681.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.16.2",
"tracking": {
"current_release_date": "2026-07-01T17:14:14+00:00",
"generator": {
"date": "2026-07-01T17:14:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:2681",
"initial_release_date": "2026-02-12T17:29:21+00:00",
"revision_history": [
{
"date": "2026-02-12T17:29:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T18:38:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T17:14:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.16",
"product": {
"name": "Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816239"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Adda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770817752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230686"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3A9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Afa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770841176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3Ae3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3Ac96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Aafe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3A8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel9@sha256%3A9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770762347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel9@sha256%3A3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel9@sha256%3A146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816438"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel9@sha256%3Abf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816381"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel9@sha256%3Abbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770816415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel9@sha256%3A96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770836901"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64 as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le as a component of Red Hat Quay 3.16",
"product_id": "Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-31133",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:17:18.235000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404705"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container\u0027s /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instead bind-mount the symlink target read-write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "RHBZ#2404705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31133"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix\nDAC and thus user namespaces stop a container process from being able to write to them.\n\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n\n* Depending on the maskedPath configuration (the default configuratio nonly masks paths in /proc and /sys), using an AppArmor that blocks unexpectedwrites to any maskedPaths (as is the case with the defaultprofile used by Docker and Podman) will block attempts to exploit this issue. However, CVE-2025-52881 allows an attacker to bypass LSMlabels, and so this mitigation is not helpful when considered incombination with CVE-2025-52881.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape via \u0027masked path\u0027 abuse due to mount race conditions"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T17:29:21+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:9784029a9d44a605dd28583416a7322c84189f4ee8e1bfa1be822d9260639d35_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:afe2137c2002e07f27b105b9db90030ca0f3347a038ab8418d257dabe7aefcd1_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/clair-rhel9@sha256:bf85b1b91bcbaea8cb0fc021d1f590ba3da4e0b2f8703cb449791ece5930d68c_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:dda553368706ad66215cc95b9b0306808531b0ed92b7dc7880cd2c95f8e0faed_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:3b252ccf24df27ea02a005d734eb501abf989b97b5d9e3ff57aa3b7e9633f165_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:5eb5f4aafd4fa3b53c6477424946f743bf5236ac434ddffa8a887a26a47e0fab_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-bridge-operator-rhel9@sha256:c96f472d44fff765175c4ee77ddb94bfac580105900f5e21274e959099bb97fa_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:6ac48cf92c9bb3d6eac9645ef203bcd2e475da36c182eed9ceadc3490e77a042_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:146699ff1cd4f8fdf19594ad5ce11dcafe9f8a266c94b104826c871b675f92e1_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:76354449e4e8b67bfbbfae10337b7d50fc657c909c8798fddb95dee408c3a9f2_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-builder-rhel9@sha256:8166562a51177faff8e520980153e1760a4863417a824ac15deb4314afcf1925_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:77387c33232561396c8826a393d17771bf88aaad90436c4e1e5aa36891840b16_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:1f03a49fec5f575e98c3f37ee081d5510a87172e72bc66627f935314d11a67c4_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:9969081b9da11f5a56d3ebf9ccd9428d9d59741c058abe4510e7ae3375a11519_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-container-security-operator-rhel9@sha256:e3ab3a505d3d08f7bad3c899f40727e2de524cd14c4c44b00f44b7b42f7ddd21_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-bundle@sha256:fa64c1d47fc10d14120ec9e7afc2e253620fdc28592f4d859350db4fbdf0fae2_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:64adacf9cccd05601f4a7b38a7cd55d55291583dc9d33e4cfd1e4fd426cd0936_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:8a1b8eedcb8e36ddfb1982062ad379c4f65f95260545d05d0cf10918427089d8_ppc64le",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-operator-rhel9@sha256:bbbd11d9b959ef12ae61a7975ffb08541797b0fad2d098781ec4543fd4ac2893_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c_amd64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:45de5fc478cb2734b672630c67ffee4e6b98954848b97ea9a1cc9903a53dbf8e_s390x",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:96588daff01f27db2ee335dcd957e9dec7f38a2c573e2968d9bc5835edc2957b_arm64",
"Red Hat Quay 3.16:registry.redhat.io/quay/quay-rhel9@sha256:9f58fc80db29fa44684c6e39bb2eda06e86ba34801d5e04468941ac8d0b754eb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:2754
Vulnerability from csaf_redhat - Published: 2026-02-16 15:43 - Updated: 2026-07-01 17:14A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.18 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.18",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2754",
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2754.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.18",
"tracking": {
"current_release_date": "2026-07-01T17:14:15+00:00",
"generator": {
"date": "2026-07-01T17:14:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:2754",
"initial_release_date": "2026-02-16T15:43:51+00:00",
"revision_history": [
{
"date": "2026-02-16T15:43:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T17:04:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T17:14:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249996"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249993"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991979"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ac30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ae2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770223960"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770230842"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991332"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770306794"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Abb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133364"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770856103"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T15:43:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:23e78fc33f834e7642200ebd89a25f6df96086ebc85b7b796c12defdaf6db55f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2a0c6197cfdf75f8e61c9b0b87c4ac6698eb2bd74b80a1a18b8aa7e3b58a7b01_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b3a69da280042a4a49b46b4c5d68fb801fdfb48ca34838ea95f8689bfd7cec7f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1ed8034054fb250e96f4ae309456ad9c91c85a4f48e6bad04ee3a941ddf5bd6d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1afddea1de67e463112304bbcc542ea3d9196007555b081019272d54726500d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3697f2c97db2d2bc79bd5497cac707527aa20a515dc8518b2cbe90558d12b9a0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:7affc63bf40c45403c588abf5dfb1d0f4c5927167a55710bc428fd6162171ed8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:783306371d102407ac1ed97c329cf370324538c7bfe35476d0530e79472a036b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:30a5752fa7bfa250cbd36e4d96a2109f539cd8a00b51f6b7e091161ac212b5dd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:4f8a3dbc431ebd001943b4d2af1a0bd616462e1773e6af87fb03fe0f4e788b2c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dbded8952fe20c611f5f0c75df4e4361f71a7416d7e5a9c69f837c6a6f3a55e3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:2d53cc0c05bfa533348e4b4718707688dbfed79f3c6fc2e78b49881c7cd4bd66_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8087b2f8f5b4b11368129427a054891e7a5cfedfe2a0e403aedc1d4ff0d9a053_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c30ff14fc21c1656c3dede8d71b5424db37974215fb6ba5941a3c82613527a75_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e2feb4a831e033a4ead342e72357c28e7c0ed7681bdd4c4d150ef1ecf968923b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:0b79ca52ec69f9ca331876132740653f6ee6c7c01df176268cd581c67d3627e1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:435ec27ca9b4cee51effcb277e34b999f148725a1f2e7b8bde52d76730a41904_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:889a5c7117b71ee4001bfaedbc88bd87055d2969b7d4b232a604e0559d6e39f8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:bb73f7061e402e9b5beb80afbb4d521d9caa1a3745f8f645d0458e78fe4de592_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:53559b73783776cad55684eaac61524a9c17669cb62b5794737c3e4c5688d874_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8add5a3b448723ff62e1ede9749cc970516a6af55045bd63ede8062b11fe4faf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:8bd901f9d03817e599a73b4f4355236320bec1b803bd9507383277f27fde4319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:2762
Vulnerability from csaf_redhat - Published: 2026-02-16 17:44 - Updated: 2026-07-01 17:14A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.18 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.18",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2762",
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2762.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.18",
"tracking": {
"current_release_date": "2026-07-01T17:14:15+00:00",
"generator": {
"date": "2026-07-01T17:14:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:2762",
"initial_release_date": "2026-02-16T17:44:31+00:00",
"revision_history": [
{
"date": "2026-02-16T17:44:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T17:44:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T17:14:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.10",
"product": {
"name": "Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Af006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249881"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991805"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ad8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770993022"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770224116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aaab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133631"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770991340"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133671"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770133646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1770249183"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T17:44:31+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:191ca7ff2973addc6e654d85d8c764128aa0f314f5733673f884726f65d39cef_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:1c8cdc119d2774968249e45f44d6c6b8db7be5d1722a10370d6a5d8a610bdad3_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:31d6f3852e464d9e691d671ca9e31c7ffb74eac660f2dc1d174eb9541f77025b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:27c6e90239456e04b5d4788207c4b93d2a501e054c531817a5d9dd1d3050e88b_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:085401485780294ee1030fcbcf9e5b27d424175539a3c6b58aa1510464506fac_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aab02c5996a8fc6b4a5ccc4c5fe8e104117ecdfb89053ad76c243f098636bf47_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f7db77081450f895a76d5f2bd14801cbfba5aeb8feabc6488686358312a006a9_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c5efa89a8889042a125561e20ce918feab88ed8bb2e82a6dbb8e63a48e188cee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ac2270f040425b228c5be29498fb3b7179cc1c2b89ffc498d0e533a1f215913_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:7fdd702d7a92b1ecad9e8aed2572c66144a8deb6b7796d422ae192442d35fecf_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:d8ed6625f531394ab4bad84d68e24226e887ecfbd09c57cc63e005879fb49525_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:f006b674a07b09680682842c3e0f6a543fb19865124bd0c23d3fe4faf75a86f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:0a1b0e6be074b935cc6dc0d4782cbcb0afa8e86e1fa1eda7a107994c933554ee_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:17cd981b26466b0ec48f051f9c9b9168af6780006031a128c7f7a03a5622b8ba_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:571a99e76806fd7d7fb805fac388fd450d9ef58a00a95f90c9dbdc32ed93c44c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:363e7b4be994bc1aaae25be1b26e400631aad24e92a7a5ee7f9d2ca960cdb420_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d396616e44ed9de0e390c19cd893fb39681d32a99f30c0187dfa54f1089e980_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:7b6239fb3d5ff13816e8c348addba581070cf104a81bf9b2019841594f30980b_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:8d7b4ba73bc93b1bc69027d37a5bdcf43dbc31a06b5f592d36ac5b9d2641a839_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b46b24ca0902be8f03b1ffa1b593ef55a4d92a9660adb4b8b4d0f44692431b93_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:b54b571ac2f245f1a2eb1c7cf0dff6bc24ca6b9706ab8ee2dca323d561238255_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:4215
Vulnerability from csaf_redhat - Published: 2026-03-10 15:34 - Updated: 2026-07-01 17:14Azure Storage Library Information Disclosure Vulnerability
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in pyjwt. The library uses weak encryption, allowing an attacker to potentially decrypt sensitive data. A network-based attacker can exploit this vulnerability without authentication, possibly resulting in a denial of service or data exposure. This weakness stems from the use of inadequate cryptographic algorithms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn't expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
A denial of service flaw has been discovered in the python Authlib package. Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — | ||
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.14.6 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.14.6",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4215",
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47273",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-30187",
"url": "https://access.redhat.com/security/cve/CVE-2022-30187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-47081",
"url": "https://access.redhat.com/security/cve/CVE-2024-47081"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-50181",
"url": "https://access.redhat.com/security/cve/CVE-2025-50181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59420",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61920",
"url": "https://access.redhat.com/security/cve/CVE-2025-61920"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-45768",
"url": "https://access.redhat.com/security/cve/CVE-2025-45768"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4215.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.14.6",
"tracking": {
"current_release_date": "2026-07-01T17:14:43+00:00",
"generator": {
"date": "2026-07-01T17:14:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:4215",
"initial_release_date": "2026-03-10T15:34:38+00:00",
"revision_history": [
{
"date": "2026-03-10T15:34:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-10T15:34:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T17:14:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.14",
"product": {
"name": "Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Aa7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097298"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Ac4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097803"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Afd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1771008628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aaea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1771265622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Aa4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Aef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773101667"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097621"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097298"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1771008628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1771265622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097621"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097298"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aaa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1771008628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1771265622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Aaad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097621"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097298"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ac33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Abec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1771008628"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1771265622"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773097621"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30187",
"discovery_date": "2025-05-06T16:30:59.189000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"notes": [
{
"category": "description",
"text": "Azure Storage Library Information Disclosure Vulnerability",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "Red Hat Product Security has determined that this vulnerability does not affect any currently supported Red Hat product. This assessment may evolve based on further analysis and discovery. For more information about this vulnerability and the products it affects, please see the linked references.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30187"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Azure Storage: Azure Storage Library Information Disclosure Vulnerability"
},
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-47081",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"discovery_date": "2025-06-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2371272"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "requests: Requests vulnerable to .netrc credentials leak via malicious URLs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47081"
},
{
"category": "external",
"summary": "RHBZ#2371272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371272"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47081",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47081"
},
{
"category": "external",
"summary": "http://seclists.org/fulldisclosure/2025/Jun/2",
"url": "http://seclists.org/fulldisclosure/2025/Jun/2"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/06/03/11",
"url": "http://www.openwall.com/lists/oss-security/2025/06/03/11"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/06/03/9",
"url": "http://www.openwall.com/lists/oss-security/2025/06/03/9"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/06/04/1",
"url": "http://www.openwall.com/lists/oss-security/2025/06/04/1"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/06/04/6",
"url": "http://www.openwall.com/lists/oss-security/2025/06/04/6"
},
{
"category": "external",
"summary": "https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef",
"url": "https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"
},
{
"category": "external",
"summary": "https://github.com/psf/requests/pull/6965",
"url": "https://github.com/psf/requests/pull/6965"
},
{
"category": "external",
"summary": "https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7",
"url": "https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7"
},
{
"category": "external",
"summary": "https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env",
"url": "https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env"
},
{
"category": "external",
"summary": "https://seclists.org/fulldisclosure/2025/Jun/2",
"url": "https://seclists.org/fulldisclosure/2025/Jun/2"
}
],
"release_date": "2025-06-09T17:57:47.731000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "requests: Requests vulnerable to .netrc credentials leak via malicious URLs"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-45768",
"discovery_date": "2025-07-31T21:01:30.698283+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyjwt. The library uses weak encryption, allowing an attacker to potentially decrypt sensitive data. A network-based attacker can exploit this vulnerability without authentication, possibly resulting in a denial of service or data exposure. This weakness stems from the use of inadequate cryptographic algorithms.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been disputed by the PyJWT. The developers of PyJWT confirm that this issue is not a flaw in the library\u0027s function but rather a potential risk if an application developer chooses to use weak, short cryptographic keys.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-45768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
}
],
"release_date": "2025-07-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pyjwt: pyjwt Weak Encryption Vulnerability"
},
{
"cve": "CVE-2025-47273",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-05-17T16:00:41.145177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366982"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability in the Python setuptools library allows attackers with limited system access to write files outside the intended temporary directory by manipulating package download URLs. This flaw bypasses basic filename sanitization and can lead to unauthorized overwrites of important system files, creating opportunities for further compromise. While it doesn\u0027t expose data or require user interaction, it poses a high integrity risk and is especially concerning in environments that rely on automated package handling or internal tooling built on setuptools.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability \"Moderate\" based on the impact of the damage caused by a successful exploitation and the pre-requisites.\n\n* Exploitation requires that the attacker have limited code execution access to a Python environment where they can trigger the vulnerable PackageIndex.download() function\u2014this might be via a script, plugin, or automated job. Full admin rights aren\u0027t needed but a user with no access at all will be unable to exploit this vulnerability.\n* The vulnerability impacts the integrity of the system within the same security boundary\u2014it does not enable access or compromise across trust boundaries (e.g., from one container to another or from user space to kernel).\n* Successful exploitation only allows the attacker to \"create\" new files. The vulnerability does not provide access to existing files and by an extension to any confidential information. \n* Arbitrary file writes can overwrite critical config files, executables, or scripts. This can lead to persistent code execution, system misconfiguration, or unauthorized behavior, especially in automated environments. While overwriting critical files could theoretically lead to service disruption, the vulnerability in isolation does not inherently cause denial of service. The exploit doesn\u0027t target availability directly, and in many cases, systems may continue running.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47273"
},
{
"category": "external",
"summary": "RHBZ#2366982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47273"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",
"url": "https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",
"url": "https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/issues/4946",
"url": "https://github.com/pypa/setuptools/issues/4946"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf",
"url": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf"
}
],
"release_date": "2025-05-17T15:46:11.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "setuptools: Path Traversal Vulnerability in setuptools PackageIndex"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-50181",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2025-06-19T02:00:42.866992+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373799"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the urllib3 library where it could be tricked into disclosing the Proxy-Authorization header to a destination server when a CONNECT tunnel is used. An attacker can set up a malicious redirect to a crafted URL, which, when followed by the client application, will cause the Proxy-Authorization header to be sent to the attacker-controlled server. This leaks sensitive credentials for the proxy. The impact is primarily on confidentiality. While urllib3 is a ubiquitous component, the vulnerability requires a specific scenario where a user is connecting to a proxy that requires authentication and is redirected to a malicious endpoint. This lowers the exploitability compared to a direct, unauthenticated remote attack, thus, warranting a Moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50181"
},
{
"category": "external",
"summary": "RHBZ#2373799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857",
"url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"
}
],
"release_date": "2025-06-19T01:08:00.340000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: \u0027stream\u0027.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-59420",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T18:01:35.379361+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397460"
}
],
"notes": [
{
"category": "description",
"text": "Authlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib RFC violation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "RHBZ#2397460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df",
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
}
],
"release_date": "2025-09-22T17:28:53.869000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib RFC violation"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-61920",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-10T20:01:12.833962+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403179"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the python Authlib package. Authlib\u2019s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url\u2011encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61920"
},
{
"category": "external",
"summary": "RHBZ#2403179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e",
"url": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9"
}
],
"release_date": "2025-10-10T19:25:07.679000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Users unable to upgrade may manually enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib Denial of Service"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T15:34:38+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:1ec5bd4c50f080096a3579e498ac9301acf3927834f7773996911db8e11d2279_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:698a1ae2e5e2669d5a328d99deb4b8c67f2d7dd03d878600ce13f8dfb154fcf6_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:a4037bacb4f26a947e511da97519fe318b986e31ef4689a2ec7499789096dc2b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:aad14ca0de55666d13c1a12511cea2c071d0a1c7c5e1b9ed9d7c70d157225293_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:c4133c994168c764a87f34a39a2fa66fa0c04c0c186781cf024e5e41f62280d0_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1ff62272e3139cfc7abf3511e706bcdffeabfbbcacfee18508bd629cea20fd78_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2f0c540c7269e27be3e0d4f988a4d19371a80b8b0684cff74d21851608636c88_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa1b44b1ee74a3ba6aa63eef2003077b1a9a5c067a6aa590eeb8fe30a93fe60b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:c33a90cf0b733a8fd0514f9c6cd53c22ff307c15b80c582736ab88ed26e967f7_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0a79d63a51f959c7704662cf7370da2bd76cc22dd13acefe6eebe6b38881f98a_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9e2fd6eb656ea932d83f001922aa46e7cef7796c404dbe7ab6393820149941a8_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bec2f493457c5fec6af7309d9cc09c4a04632b9050b03720861cb05ac77d1d10_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:fd57da947aee5538acc22c9bbc537eeed955334f7bcce8683fe6eb325847812f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:00c8d4e64fd7246b51a23807d56421a63c5cb201565e50fcdd70623d208b4c80_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:47b66c0f25e0be3b5e533422d5591baadc5f7653ec4c97d8398d6cc3451f5ed9_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:78d3fada736cdb40efb692c6eede03c9a380e3d44e3b4ca338bf3676e1c1b745_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:aea11bfd317b3c0d414f7c1ca5c7768ebbe2bf984d48f2960ec309463c383ced_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:a7f0bcbf21692be996d8beba4228d51d047237a3dad43a5d61e1a379742b5101_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:14d025b088b84df61332fd60382161cccfae6fc7310cdd7fd0a96432a1dcbb0b_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:191c87e2d307ccc97699cf0ff4b7217ca6d4c6fd51b01e93abc423b7b3b688ba_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:19afededc1a3f54a6c3d85c4e0e35043e1b0d2074f0d983e3393c4694348ae58_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7a15aecd0b757726ec8dd1fc2d8d0e611fba1b77ce7857604bfa56314bc5189a_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:ef354fd2be18bcce59d2880843ad295ac8610c1d2dd1565a941ab18e77eec27e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:420be03e698e066bbaa96c7334e1a6b14793836f437b53ee1d961414115622c4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:6e421e848fac1ffd749e1761acd51d41419d73a55e610170e3c6c53294ec061e_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:7d3344ce19373fdf5cc721f0abbb2c2ee87d079b96d0dd4c7350621cfa57a322_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:91844fb97cac49e78054bd9547222aadf1762f1c0fd05feb0b86f9d94787512b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:225e2bed98b80e753ba2eca6b121a7295b20633b25b8098b7dce66efc2bc1b70_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:51881be0039c3a7df9ad588060955dc3f0ea6eef28a35ebc4fe146e73316e2a4_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:e2a2347a1ed65e94a13fd0330e7922339096d725733071a1f9eb4c413be5eb90_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
}
]
}
RHSA-2026:6568
Vulnerability from csaf_redhat - Published: 2026-04-03 22:07 - Updated: 2026-07-01 17:14A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user's initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library's internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.15.4 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.15.4",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6568",
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68158",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28498",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4598",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4599",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4600",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4601",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4602",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6568.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.15.4",
"tracking": {
"current_release_date": "2026-07-01T17:14:58+00:00",
"generator": {
"date": "2026-07-01T17:14:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6568",
"initial_release_date": "2026-04-03T22:07:28+00:00",
"revision_history": [
{
"date": "2026-04-03T22:07:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-03T22:07:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T17:14:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.15",
"product": {
"name": "Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.15::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774980222"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774980224"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aa1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775183105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Adec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775250489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Acde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ad6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774979227"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775227789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775249999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774984603"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Abe166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169219"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64 as a component of Red Hat Quay 3.15",
"product_id": "Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64",
"relates_to_product_reference": "Red Hat Quay 3.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68158",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2026-01-08T19:01:41.615962+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428102"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect servers. The cache-backed state and request-token storage within Authlib is not securely linked to the user\u0027s initiating session. This vulnerability allows a remote attacker to exploit a Cross-Site Request Forgery (CSRF) by obtaining a valid state, which can lead to unauthorized actions being performed on behalf of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products utilizing Authlib, such as Red Hat Ansible Automation Platform, Hosted OpenShift Clusters, Red Hat Quay, and Red Hat Satellite. The flaw arises from improper session management in Authlib\u0027s cache-backed state storage, allowing a remote attacker to perform Cross-Site Request Forgery (CSRF) by obtaining a valid state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68158"
},
{
"category": "external",
"summary": "RHBZ#2428102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68158"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489",
"url": "https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228",
"url": "https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523"
}
],
"release_date": "2026-01-08T17:58:17.724000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Authlib: Authlib: Cross-Site Request Forgery due to improper session management in state storage"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-4598",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T06:01:47.891452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A denial of service flaw was found in jsrsasign. This vulnerability allows a remote attacker to cause a permanent denial of service by providing specially crafted zero or negative inputs to the bnModInverse function, leading to an infinite loop. This affects Red Hat Migration Toolkit for Virtualization and Red Hat Quay, which utilize the vulnerable jsrsasign component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "RHBZ#2450210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/648",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"release_date": "2026-03-23T05:00:11.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs"
},
{
"cve": "CVE-2026-4599",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2026-03-23T06:01:34.008562+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4599"
},
{
"category": "external",
"summary": "RHBZ#2450207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4599",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4599"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20",
"url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1",
"url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/647",
"url": "https://github.com/kjur/jsrsasign/pull/647"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"
}
],
"release_date": "2026-03-23T05:00:12.522000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces"
},
{
"cve": "CVE-2026-4600",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-23T06:01:39.334925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450208"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4600"
},
{
"category": "external",
"summary": "RHBZ#2450208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4600",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4600"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7",
"url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60",
"url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/646",
"url": "https://github.com/kjur/jsrsasign/pull/646"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"
}
],
"release_date": "2026-03-23T05:00:08.475000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters"
},
{
"cve": "CVE-2026-4601",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-23T06:01:44.014846+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A flaw in the jsrsasign library allows for private key recovery due to a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process. An attacker can manipulate signature generation within the KJUR.crypto.DSA.signWithMessageHash function to force specific values, enabling the recovery of the private key. This impacts Red Hat products utilizing jsrsasign, such as Migration Toolkit for Virtualization and Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4601"
},
{
"category": "external",
"summary": "RHBZ#2450209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586",
"url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb",
"url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/645",
"url": "https://github.com/kjur/jsrsasign/pull/645"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941"
}
],
"release_date": "2026-03-23T05:00:13.312000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing"
},
{
"cve": "CVE-2026-4602",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-03-23T06:01:28.729668+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450206"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4602"
},
{
"category": "external",
"summary": "RHBZ#2450206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450206"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4602"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5",
"url": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195",
"url": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/650",
"url": "https://github.com/kjur/jsrsasign/pull/650"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175"
}
],
"release_date": "2026-03-23T05:00:10.567000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw, while difficult to exploit, would lead to a loss of integrity in the encrypted communication channel. Given that the cryptography package is a library, it is likely to be used in situations that do not require user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28498",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-03-16T19:02:00.128339+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library\u0027s internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Authlib allows attackers to bypass OIDC ID Token integrity verification. The at_hash and c_hash validation fails open for unknown algorithms, accepting forged tokens as valid. Exploitation requires no authentication or user interaction. Impact is high to confidentiality and integrity. Red Hat products using Authlib for OIDC validation are affected. Fixed in version 1.6.9.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28498"
},
{
"category": "external",
"summary": "RHBZ#2448182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b",
"url": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
}
],
"release_date": "2026-03-16T18:03:28.821000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-18T04:02:45.401296+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448553"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "RHBZ#2448553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
}
],
"release_date": "2026-03-18T02:29:45.857000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-03T22:07:28+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:0a1c4f139b35d13aa4b3f6508919e25d3bbfdf588337704c1fc8cc7085bc2eb2_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:35047410a723f6e5b71137b7c6de497eed464dc1528419645cb308f2fd0696d6_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/clair-rhel8@sha256:76c0db9a4d4fcb45502d9d852f23a96aee91990217e19b519f7608eeb377eb22_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:ebdb8e8b383adc86e78fbed0937c27bead67d0b6cb897a93c1558fd265696a1b_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:88854cbe000c3d84ee1000f1d350332eb861a031ece1e1ce0a4f85bcd1eb584e_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a1d9c6f2f614dcea14f3b4564e69fe9ca894c9498fd08c5fdaa3616768ccedc3_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:d6ab62eec5e5489daa85fdda283e86c96101f7d576432d5a4b2865e4fdb0dbf1_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7b129e1319cc2f0edb134149b2cfecc021ca552cfede24d74d4631c3019e233e_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:2970429dcb7f99abf0d0cef4fa59346c90f129ae46d6e746d128b13e55616e06_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:5c02fe25ab73d531f543a673997170b5079c59c93e6ea240e795bfe6520782e3_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d81c106c68fab8c44dcd4c14698be0b8c76862885483ae20c5aa83c8334c805_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:25b0676b9bb2e564fc64b43567ca4e3acda0a9d6ea405f2f8134b0e36b27b701_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3681b3bb7257b54ea71d65370158e52d7165cc1038c129ea0266af21a773a022_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:cde4dc0f20b553550d6009ebc105e5cc80fbdd21d200f3d63f6c435f4addd804_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee7bf66cbb9116521d74e87d5a1b260bcce7634100aab7602149ad2c5bed4c72_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-bundle@sha256:dec2520d12b13cd73ebceb03a82daddfff4b06e57e993268ea52cd21c0136147_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:26a62adcd46e5f84dff66336ccf9392a5bb8369b042dd01c3528ade17c6efa55_amd64",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:8429e68dd8a1f4dc768304d17cd61beb772c0bcf5a4137d626b0a7333204d116_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-operator-rhel8@sha256:e5da14b11a892cc6cad89703d6415b95a47065fa2b1eb308c395579e9cce392a_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b_ppc64le",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:be166b843cc21b3942850443c0f802406f397f71959654a45e17a24fdcb0606a_s390x",
"Red Hat Quay 3.15:registry.redhat.io/quay/quay-rhel8@sha256:c72dd9dd58db8ebcdc9b4daa433840411636e3dea82b21ca191fd0d272e636ec_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
}
]
}
SUSE-SU-2024:3196-1
Vulnerability from csaf_suse - Published: 2024-09-10 14:10 - Updated: 2024-09-10 14:10| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.22 fixes the following issues:\n\n- Update to go v1.22.7 \n- CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252)\n- CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253)\n- CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3196,SUSE-SLE-SDK-12-SP5-2024-3196",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3196-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3196-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243196-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3196-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-September/036845.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218424",
"url": "https://bugzilla.suse.com/1218424"
},
{
"category": "self",
"summary": "SUSE Bug 1230252",
"url": "https://bugzilla.suse.com/1230252"
},
{
"category": "self",
"summary": "SUSE Bug 1230253",
"url": "https://bugzilla.suse.com/1230253"
},
{
"category": "self",
"summary": "SUSE Bug 1230254",
"url": "https://bugzilla.suse.com/1230254"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34155 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34156 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-34158 page",
"url": "https://www.suse.com/security/cve/CVE-2024-34158/"
}
],
"title": "Security update for go1.22",
"tracking": {
"current_release_date": "2024-09-10T14:10:34Z",
"generator": {
"date": "2024-09-10T14:10:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3196-1",
"initial_release_date": "2024-09-10T14:10:34Z",
"revision_history": [
{
"date": "2024-09-10T14:10:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.7-1.21.1.aarch64",
"product": {
"name": "go1.22-1.22.7-1.21.1.aarch64",
"product_id": "go1.22-1.22.7-1.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.7-1.21.1.aarch64",
"product": {
"name": "go1.22-doc-1.22.7-1.21.1.aarch64",
"product_id": "go1.22-doc-1.22.7-1.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.7-1.21.1.i586",
"product": {
"name": "go1.22-1.22.7-1.21.1.i586",
"product_id": "go1.22-1.22.7-1.21.1.i586"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.7-1.21.1.i586",
"product": {
"name": "go1.22-doc-1.22.7-1.21.1.i586",
"product_id": "go1.22-doc-1.22.7-1.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.7-1.21.1.ppc64le",
"product": {
"name": "go1.22-1.22.7-1.21.1.ppc64le",
"product_id": "go1.22-1.22.7-1.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.7-1.21.1.ppc64le",
"product": {
"name": "go1.22-doc-1.22.7-1.21.1.ppc64le",
"product_id": "go1.22-doc-1.22.7-1.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.7-1.21.1.s390x",
"product": {
"name": "go1.22-1.22.7-1.21.1.s390x",
"product_id": "go1.22-1.22.7-1.21.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.7-1.21.1.s390x",
"product": {
"name": "go1.22-doc-1.22.7-1.21.1.s390x",
"product_id": "go1.22-doc-1.22.7-1.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.7-1.21.1.x86_64",
"product": {
"name": "go1.22-1.22.7-1.21.1.x86_64",
"product_id": "go1.22-1.22.7-1.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.7-1.21.1.x86_64",
"product": {
"name": "go1.22-doc-1.22.7-1.21.1.x86_64",
"product_id": "go1.22-doc-1.22.7-1.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.7-1.21.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64"
},
"product_reference": "go1.22-1.22.7-1.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.7-1.21.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le"
},
"product_reference": "go1.22-1.22.7-1.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.7-1.21.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x"
},
"product_reference": "go1.22-1.22.7-1.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.7-1.21.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64"
},
"product_reference": "go1.22-1.22.7-1.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.7-1.21.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64"
},
"product_reference": "go1.22-doc-1.22.7-1.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.7-1.21.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le"
},
"product_reference": "go1.22-doc-1.22.7-1.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.7-1.21.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x"
},
"product_reference": "go1.22-doc-1.22.7-1.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.7-1.21.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
},
"product_reference": "go1.22-doc-1.22.7-1.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34155"
}
],
"notes": [
{
"category": "general",
"text": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34155",
"url": "https://www.suse.com/security/cve/CVE-2024-34155"
},
{
"category": "external",
"summary": "SUSE Bug 1230252 for CVE-2024-34155",
"url": "https://bugzilla.suse.com/1230252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T14:10:34Z",
"details": "moderate"
}
],
"title": "CVE-2024-34155"
},
{
"cve": "CVE-2024-34156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34156"
}
],
"notes": [
{
"category": "general",
"text": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34156",
"url": "https://www.suse.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "SUSE Bug 1230253 for CVE-2024-34156",
"url": "https://bugzilla.suse.com/1230253"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T14:10:34Z",
"details": "moderate"
}
],
"title": "CVE-2024-34156"
},
{
"cve": "CVE-2024-34158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-34158"
}
],
"notes": [
{
"category": "general",
"text": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-34158",
"url": "https://www.suse.com/security/cve/CVE-2024-34158"
},
{
"category": "external",
"summary": "SUSE Bug 1230254 for CVE-2024-34158",
"url": "https://bugzilla.suse.com/1230254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-1.22.7-1.21.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:go1.22-doc-1.22.7-1.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-10T14:10:34Z",
"details": "moderate"
}
],
"title": "CVE-2024-34158"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.